Friday, December 3, 2010

DNS: trailing periods

SkyHi @ Friday, December 03, 2010
The trailing '.' makes the name into a "Fully Qualified Domain Name", i.e. an absolute domain name.

The trailing dot tells the DNS server that this is a fully qualified name. The dot is the root of the DNS heirarchy. If you don't use the dot, the DNS server will assume that it's a record in the current zone and will append it for you. For example, if you have a CNAME in that points to, when you query for that, you'll get, which probably isn't what you wanted.

In Bind config files if you don't add the trailing '.' then the name is assumed to be relative to the current zone file's $ORIGIN.

mail           IN A
mail2         IN A
server      IN A
@             IN MX 10  mail                       ; not FQDN - appended
                IN MX 20     ; FQDN 
                IN MX 30      ; FQDN in another domain
                IN MX 40      ; ERROR - not FQDN - appended
www      IN CNAME  server                    ; not FQDN - appended


How to Add Static route in Windows XP/2000/Vista

SkyHi @ Friday, December 03, 2010
A route describes the gateway IP address and network interface to use when sending packets to a network. The routing table on a host holds a list of destination networks and the routes to those networks. This recipe describes adding entries to this routing table that will not persist following a reboot. These temporary routes are useful during troubleshooting or when making changes to the network topology.

If you want to add static route you need to use route command

route syntax

route [-f] [-p] [Command [Destination] [mask Netmask] [Gateway] [metric Metric]] [if Interface]]

-f : Clears the routing table of all entries that are not host routes

-p : When used with the add command, the specified route is added to the registry and is used to initialize the IP routing table whenever the TCP/IP protocol is started.

Command : Specifies the command you want to run.





mask Netmask : Specifies the netmask

Gateway : Specifies the forwarding or next hop IP address over which the set of addresses defined by the network destination and subnet mask are reachable.

metric Metric : Specifies an integer cost metric (ranging from 1 to 9999) for the route, which is used when choosing among multiple routes in the routing table that most closely match the destination address of a packet being forwarded.

if Interface : Specifies the interface index for the interface over which the destination is reachable.


To display the entire contents of the IP routing table, type:

route print

To display the routes in the IP routing table that begin with 10., type:

route print 10.*

To add a default route with the default gateway address of, type:

route add mask

To add a route to the destination with the subnet mask of and the next hop address of, type:

route add mask

To add a persistent route to the destination with the subnet mask of and the next hop address of, type:

route -p add mask

To add a route to the destination with the subnet mask of, the next hop address of, and the cost metric of 7, type:

route add mask metric 7

To add a route to the destination with the subnet mask of, the next hop address of, and using the interface index 0×3, type:

route add mask if 0×3

To delete the route to the destination with the subnet mask of, type:

route delete mask

To delete all routes in the IP routing table that begin with 10., type:

route delete 10.*

To change the next hop address of the route with the destination of and the subnet mask of from to, type:

route change mask


Thursday, December 2, 2010

How to Backup Blogger articles

SkyHi @ Thursday, December 02, 2010
There are lots of blogger user who want to make backup of their articles, just to protect their work or to move their blog to another blogging service or simply to store their blog on your own hard drive. If you are one of them then you need to follow the given instructions below:
How to Backup Blogger articles:
1. Login to your Blooger Account.
manage blogger screenshot How to Backup Blogger articles
2. Go to ‘Settings | Basic‘ and Click ‘Export blog‘ link.
blogger setting export screenshot How to Backup Blogger articles

3. On the next page click ‘DOWNLOAD BLOG‘  button.
backup blogger articles database How to Backup Blogger articles
The downloaded file will be in XML format and you can rename it for convenience. Now, your posts are safe on your hard drive and if somehow you lost your posts, you can easily recover them by Import blog link in Settings > Basic > Import.


Wednesday, December 1, 2010

Mac change pop3 to imap

SkyHi @ Wednesday, December 01, 2010
Click to play
The iPhone comes with probably the best email application on a mobile device. The problem is that if I read and delete an email on the iPhone, when I get to my laptop I need to do it all over again because my email uses the POP email protocol. And this is cramping my style. With the POP protocol, email is downloaded from the server and stored on my computer. The most recent emails stay on the server usually for a week or two and that’s why multiple devices re-download the same emails. A more productive system is to use the IMAP email protocol. With IMAP, all email stays on the server. If you delete an email on the iPhone, it is deleted when I get to my computer. I only have to do things once and that’s the beauty of it.
In this tutorial I’m going to show how to switch an account from POP to IMAP. And to be honest, you don’t need an iPhone to benefit from this setup. IMAP will allow you to check your email from work or some one else’s computer and have access to all of you email folders and sent emails. This is not for web services like Google or Hotmail, although as long as it supports IMAP it doesn’t really matter.
This example uses Apple’s Mail in Tiger. But, I believe IMAP was supported in Panther as well.

Step 1: Disable email checking

Disable Email Checking
First disable email checking in ALL accounts so that there are no other processes happening while you set up Mail. From Apple’s Mail application menu go to ‘Mail > Preferences’ and select the Accounts tab. Go through each of your accounts and from the Advanced tab deselect “Include when automatically checking for new email”.

Step 2 Create a new Email Account

Create New Account
Next, select the plus sign at the bottom of the Accounts window to create a new account.
Name Account
Enter your account description, name and email.
Incoming Mail Server
Enter your incoming server info. This is supplied by your email provider and is usually the same as your POP email settings.
Outgoing Mail Server
Enter you outgoing mail server info as well.
New Account Created
Mail will then check the outgoing mail server before creating the account. This process can take a few minutes.

Step 3: Disable email checking on new account

Disable Account
Once the account is created, deselect the automatic checking for email like we did on all the other accounts.

Step 4: Set IMAP Path ( if needed )

IMAP Prefix
This step is only taken if needed. In my case, my mail server stores all mailbox folders inside of the INBOX folder. Some server are set up differently, it is best to find out from your provider. Try INBOX to start, we’ll see if that works on step 6.

Step 5: Assign folders ( if needed )

Assign Folders
Once the account is set up properly, if there are folders in your local account, Mail will show the basic Sent, Draft, Trash folder under a Globe icon. This icon is the mail account in your server. To tell Mail these folders should be considered special folders, just choose a folder, i.e. trash, and go to the top menu and select ‘Mailbox > Choose This Mailbox For’ and select it’s type. Trash should be Trash etc.

Step 6: Copy local emails to IMAP account

Create New Mail Box
To copy emails from the POP account to the IMAP account, just create a new mailbox by clicking on the plus sign at the bottom left corner of the Message Viewer window. When prompted, choose your IMAP mail account from the location popup window and name the folder you choose to copy.
Copy Folder Contents
Start by noting how many emails are on the local folder you are copying then select them all and drag them to the corresponding folder in the IMAP server. In the screenshot above we are copying all the email from the selected Archives folder to the Archives folder in the All Forces IMAP server at the bottom of the list. The speed of the transfer depends on how many emails you are transferring, their file size and what upload speed your internet connection is. Open the Activity Viewer window to keep track of the progress.
Delete Empty Folder
Once all the emails of the folder are copied to the server, double check that they all copied by selecting the folder on the server and looking at its message count in the window name. If all emails copied, control+click the local folder and select Delete from the pull down menu. Sometimes the deleting step needs to be repeated.
Copy Inbox Items
Once you are done copying all folders, open the Inbox Mailbox by clicking on the triangle and move all the Inbox emails from the POP account to the Inbox of the IMAP account. Do the same step for the Drafts and Sent folders. Trash is optional. Some of you like to undelete I am sure.

Step 7: Delete POP Account

Remove Accounts
Double check that there are no more local email folders with any emails in them. And that there are no emails in the local POP account Inbox, Draft or sent folders. I can not stress this enough, this step can NOT be undone. Your will loose emails if you still have them locally in your POP account. From the menu select ‘Mail > Prefereces’ and go to the Accounts tab. Select the old POP account and press the minus icon to delete his account. This deletes the POP email account.

Step 8: Enable email checking

Enable Email Checking
Next, go through each of your accounts and from the Advanced tab select “Include when automatically checking for new email”. Now close the Preferences window and from the to menu select ‘Mailbox > Synchronize All Accounts’. This step will synchronize your local emails with the server. This process will take a little while the first time you do it.

Step 9: Sync iPhone and enjoy

iphone mail folders
Sync up your iPhone to transfer your new Mail account settings. When completed, unplug it and turn it on. From the iPhone, select the Mail application, select your email account and you will notice you now have all of your folders listed there. You might need to wait a little bit the first time as the phone synchronizes with the IMAP server. Tap on a folder to see the emails in them. Also, when reading an email in the inbox, tap the folder icon and you get the folder list where you can move the email to.


Switching from POP to IMAP is relatively painless but it does take some careful attention to avoid any email loss. I have moved accounts in as quick as half an hour ad as long as a day and a half due to lots and lots of attachments and slow upload speeds. Keep in mind, most hosting services do have a size limit for your account so keep an eye on your attachments. Mail provides a nice function under ‘Message > Remove Attachments’ where you can remove large attachments after you have copied them to another place in your computer. I have a dynamic folder called Attachments that automatically gets populated only with emails that have attachments that gives me a quick view off all my attachments. Also, keep in mind that IMAP is not as snappy as POP mail. But the slight delay, which is only noticeable when you first select a folder, is more than made up by the fact that you are always accessing your email directly whether it’s from your Mac, webmail or the iPhone. Also, iPhone shows a maximum of 50 200 emails per folder. So if you do need access to ALL of your emails, try doing sub-folders or just check your IMAP mail through a browser in the iPhone.
That’s all for now. Happy emailing…


Email setup for all platforms

SkyHi @ Wednesday, December 01, 2010

Learn Linux, 101: Manage file permissions and ownership

SkyHi @ Wednesday, December 01, 2010
In this article, learn to control file access through correct use of file and directory permissions and ownerships. Learn to:
  • Manage access permissions on both regular and special files as well as directories
  • Maintain security using access modes such as suid, sgid, and the sticky bit
  • Change the file creation mask
  • Grant file access to group members
Unless otherwise noted, the examples in this article use Fedora 13 with a 2.6.34 kernel. Your results on other systems may differ.
This article helps you prepare for Objective 104.5 in Topic 104 of the Linux Professional Institute's Junior Level Administration (LPIC-1) exam 101. The objective has a weight of 3.
We introduced some of the file and group ownership concepts of this article in our previous article "Learn Linux 101: Manage disk quotas." This article will help you understand those concepts more completely.
To get the most from the articles in this series, you should have a basic knowledge of Linux and a working Linux system on which you can practice the commands covered in this article. Sometimes different versions of a program will format output differently, so your results may not always look exactly like the listings and figures shown here.

User and groups

Connect with Ian

Ian is one of our most popular and prolific authors. Browse all of Ian's articles on developerWorks. Check out Ian's profile and connect with him, other authors, and fellow readers in My developerWorks.
By now, you know that Linux is a multiuser system and that each user belongs to one primary group and possibly additional groups. It is also possible to log in as one user and become another user using the su or sudo -s commands. Ownership of files in Linux and access authority are closely related to user ids and groups, so let's review some basic user and group information.
Who am I?
If you have not become another user, your id is still the one you used to log in. If you have become another user, your prompt may include your user id, as most of the examples in this article do. If your prompt does not include your user id, then you can use the whoami command to check your current effective id. Listing 1 shows some examples where the prompt strings (from the PS1 environment variable) are different from the other examples in this article. Having your id in the prompt string can be a useful feature.

Listing 1. Determining effective user id
/home/ian$ whoami
/home/ian$ exit
$ whoami

What groups am I in?
Similarly, you can find out what groups you are in by using the groups command. You can find out both user and group information using the id command. Add a user id parameter to either groups or id to see information for that user id instead of the current user id. See Listing 2 for some examples. Note that without a userid, the id command will also display SELinux context as well as basic id information.

Listing 2. Determining group membership
[ian@echidna ~]$ id
uid=1000(ian) gid=1000(ian) groups=1000(ian),505(development),8093(editor)
[ian@echidna ~]$ id ian
uid=1000(ian) gid=1000(ian) groups=1000(ian),8093(editor),505(development)
[ian@echidna ~]$ groups
ian development editor
[ian@echidna ~]$ id tom
uid=1012(tom) gid=1012(tom) groups=1012(tom),505(development)
[ian@echidna ~]$ groups tom
tom : tom development
[ian@echidna ~]$ su tom
[tom@echidna ian]$ groups
tom development
[tom@echidna ian]$ groups ian
ian : ian editor development

File ownership and permissions
Just as every user has an id and is a member of one primary group, so every file on a Linux system has one owner and one group associated with it.
Ordinary files
Use the ls -l command to display the owner and group.

Listing 3. Determining file ownership
[ian@echidna ~]$ ls -l /bin/bash .bashrc helloworld.C 
-rw-r--r--. 1 ian  ian            124 Mar 31  2010 .bashrc
-rwxr-xr-x. 1 root root        943360 May 21  2010 /bin/bash
-rw-rw-r--. 1 ian  development    116 Nov 30 10:21 helloworld.C

In this particular example, user ian's .bashrc file is owned by him and is in the ian group, which is his primary group. Similarly, /bin/bash is owned by user root and is in the group root. However, helloworld.C is owned by user ian, but its group is development. User names and groups names come from separate namespaces, so a given name may be both a user name and a group name. In fact, many distributions default to creating a matching group for each new user.
The Linux permission model has three types of permission for each filesystem object. The permissions are read (r), write (w), and execute (x). Write permission includes the ability to alter or delete an object. In addition, these permissions are specified separately for the file's owner, members of the file's group, and everyone else.
Referring back to the first column of Listing 3, notice that it contains an eleven-character string. The eleventh character is a recent addition. We'll discuss it in a moment. The first character describes the type of object (- for an ordinary file in this example) and the remaining nine characters represent three groups of three characters. The first group indicates the read, write, and execute permissions for the file's owner. A - indicates that the corresponding permission is not granted. So user ian can read and write the .bashrc file, but not execute it; while root can read, write, and execute the /bin/bash file. The second group indicates the read, write, and execute permissions for the file's group. Members of the development group can read or write ian's helloworld.C file, while everyone else can only read it. Similarly, members of the root group and everyone else can read or execute the /bin/bash file.
Directories use the same permissions flags as regular files, but they are interpreted differently. Read permission for a directory allows a user with that permission to list the contents of the directory. Write permission means a user with that permission can create or delete files in the directory. Execute permission allows the user to enter the directory and access any subdirectories. Without execute permission, the filesystem objects inside a directory are not accessible. Without read permission, the filesystem objects inside a directory are not viewable in a directory listing, but these objects can still be accessed as long as you know the full path to the object on disk. Listing 4 is a very artificial example to illustrate these points.

Listing 4. Permissions and directories
[ian@echidna ~]$ ls -l /home
total 32
drwxr-x---. 38 editor   editor      12288 Nov 30 10:49 editor
drwxr-x---.  4 greg     development  4096 Nov 30 12:44 greg
drwx------. 21 gretchen gretchen     4096 Nov 30 11:26 gretchen
drwxr-xr-x. 41 ian      ian          4096 Nov 30 10:51 ian
drwx------. 21 ianadmin ianadmin     4096 May 28  2010 ianadmin
d-wx--x--x. 21 tom      tom          4096 Nov 30 11:30 tom
[ian@echidna ~]$ ls -a ~greg/.ba*
/home/greg/.bash_history  /home/greg/.bash_profile
/home/greg/.bash_logout   /home/greg/.bashrc
[ian@echidna ~]$ ls -a ~gretchen
ls: cannot open directory /home/gretchen: Permission denied
[ian@echidna ~]$ ls -a ~tom
ls: cannot open directory /home/tom: Permission denied
[ian@echidna ~]$ head -n 3 ~tom/.bashrc
# .bashrc

# Source global definitions

The first character of a long listing describes the type of object (d for a directory). User greg's home directory has read and execute permission for members of the development group, so users tom and ian can list the directory. User gretchen's home directory has neither read nor execute permission for the gretchen group or other users, so user ian cannot access it. User tom's home has execute but not read permission, so user ian cannot list the contents, but can access objects within the directory if he knows they exist.
Other filesystem objects
The output from ls -l may contain filesystem objects other than files and directories as shown by the first character in the listing. We will see more of these later in this article, but for now, note the possible types of objects.

Table 1. Filesystem object types
CodeObject type
-Regular file
lSymbolic link
cCharacter special device
bBlock special device
The eleventh character
The eleventh character in a long listing from the ls command is a recent enhancement, so some distributions may still show only the first ten characters. In other cases, the eleventh character is a space, so you may not notice it. This character specifies whether an alternate access method applies to the file. When the character following the file mode bits is a space, there is no alternate access method. When it is a printing character, then there is such a method. The method might be an access control list for example. GNU ls uses a '.' (dot) character to signify a file with only an SELinux security context. Files with any other combination of alternate access methods are marked with the '+' (plus) character.

Changing permissions
Adding permissions
Suppose you create a "Hello world" shell script. When you first create the script, it will usually not be executable. Use the chmod command with the +x option to add the execute permissions as shown in Listing 5.

Listing 5. Creating an executable shell script
[ian@echidna ~]$ echo 'echo "Hello world!"'>
[ian@echidna ~]$ ls -l
-rw-rw-r--. 1 ian ian 20 Nov 30 13:05
[ian@echidna ~]$ ./
bash: ./ Permission denied
[ian@echidna ~]$ chmod +x
[ian@echidna ~]$ ./
Hello world!
[ian@echidna ~]$ ls -l
-rwxrwxr-x. 1 ian ian 20 Nov 30 13:05

You can use +r to set the read permissions, and +w to set the write permissions in a similar manner. In fact, you can use any combination of r, w, and x together. For example, using chmod +rwx would set all the read, write, and execute permissions for a file. This form of chmod adds permissions that are not already set.
Being selective
You may have noticed in the above example that execute permission was set for the owner, group, and others. To be more selective, you may prefix the mode expression with u to set the permission for users, g to set it for groups, and o to set it for others. Specifying a sets the permission for all users, which is equivalent to omitting it. Listing 6 shows how to add user and group write and execute permissions to another copy of the shell script.

Listing 6. Selectively adding permissions
[ian@echidna ~]$ echo 'echo "Hello world!"'>
[ian@echidna ~]$ chmod ug+xw
[ian@echidna ~]$ ls -l
-rwxrwxr--. 1 ian ian 20 Nov 30 13:08

Removing permissions
Sometimes you need to remove permissions rather than add them. Simply change the + to a -, and you remove any of the specified permissions that are set. Listing 7 shows how to remove all permissions for other users on the two shell scripts.

Listing 7. Removing permissions
[ian@echidna ~]$ ls -l hello*.sh
-rwxrwxr--. 1 ian ian 20 Nov 30 13:08
-rwxrwxr-x. 1 ian ian 20 Nov 30 13:05
[ian@echidna ~]$ chmod o-xrw hello*.sh
[ian@echidna ~]$ ls -l hello*.sh
-rwxrwx---. 1 ian ian 20 Nov 30 13:08
-rwxrwx---. 1 ian ian 20 Nov 30 13:05

Note that you can change permissions on more than one file at a time. As with some other commands you met in the articles for topic 103, you can even use the -R (or --recursive) option to operate recursively on directories and files.
Setting permissions
Now that you can add or remove permissions, you may wonder how to set just a specific set of permissions. Do this using = instead of + or -. To set the permissions on the above scripts so that other users have no access rights, you could use chmod o= hello*, instead of the command we used to remove permissions.
If you want to set different permissions for user, group, or other, you can separate different expressions by commas; for example, ug=rwx,o=rx, or you can use numeric permissions, which are described next.
Octal permissions
So far you have used symbols (ugoa and rxw) to specify permissions. There are three possible permissions in each group. You can also set permissions using octal numbers instead of symbols. Permissions set in this way use up to four octal digits. We will look at the first digit when we discuss attributes. The second digit defines user permissions, the third group permissions and the fourth other permissions. Each of these three digits is constructed by adding the desired permissions settings: read (4), write (2), and execute (1). In the example for in Listing 5, the script was created with permissions -rw-r--r--, corresponding to octal 644. Setting execute permission for everyone changed the mode to 755.
Using numeric permissions is very handy when you want to set all the permissions at once without giving the same permissions to each of the groups. Use Table 2 as a handy reference for octal permissions.

Table 2. Numeric permissions
rwx 7
rw- 6
r-x 5
r-- 4
-wx 3
-w- 2
--x 1
--- 0

Access modes
When you log in, the new shell process runs with your user and group ids. These are the permissions that govern your access to any files on the system. This usually means that you cannot access files belonging to others and cannot access system files. In fact, we as users are totally dependent on other programs to perform operations on our behalf. Because the programs you start inherit your user id, they cannot access any filesystem objects for which you haven't been granted access.
An important example is the /etc/passwd file, which cannot be changed by normal users directly, because write permission is enabled only for root: However, normal users need to be able to modify /etc/passwd somehow, whenever they need to change their password. So, if the user is unable to modify this file, how can this be done?
suid and sgid
The Linux permissions model has two special access modes called suid (set user id) and sgid (set group id). When an executable program has the suid access modes set, it will run as if it had been started by the file's owner, rather than by the user who really started it. Similarly, with the sgid access modes set, the program will run as if the initiating user belonged to the file's group rather than to his own group. Either or both access modes may be set.
Listing 8 shows that the passwd executable is owned by root:

Listing 8. suid access mode on /usr/bin/passwd
[ian@echidna ~]$ ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 34368 Apr  6  2010 /usr/bin/passwd

Note that in place of an x in the user's permission triplet, there's an s. This indicates that, for this particular program, the suid and executable bits are set. So when passwd runs, it will execute as if the root user had launched it with full superuser access, rather than that of the user who ran it. Because passwd runs with root access, it can modify /etc/passwd.
The suid and sgid bits occupy the same space as the x bits for user and group in a long directory listing. If the file is executable, the suid or sgid bits, if set, will be displayed as lowercase s, otherwise they are displayed as uppercase S.
While suid and sgid are handy, and even necessary in many circumstances, improper use of these access mode can allow breaches of a system's security. You should have as few suid programs as possible. The passwd command is one of the few that must be suid.
Setting suid and sgid
The suid and sgid bits are set and reset symbolically using the letter s; for example, u+s sets the suid access mode, and g-s removes the sgid mode. In the octal format, suid has the value 4 in the first (high order) digit, while sgid has the value 2.
Directories and sgid
When a directory has the sgid mode enabled, any files or directories created in it will inherit the group id of the directory. This is particularly useful for directory trees that are used by a group of people working on the same project. Listing 9 shows how user greg could set up a directory that all users of the development group could use, along with an example of how user gretchen could create a file in the directory. As created, the file gretchen.txt allows groups members to write to the file, so gretchen uses chmod g-w to disable group write capability.

Listing 9. sgid access mode and directories
[greg@echidna ~]$ mkdir lpi101
[greg@echidna ~]$ chmod g+ws lpi101
[greg@echidna ~]$ ls -ld lpi101
drwxrwsr-x. 2 greg development 4096 Nov 30 13:30 lpi101/
[greg@echidna ~]$ su - gretchen
[gretchen@echidna ~]$ touch ~greg/lpi101/gretchen.txt
[gretchen@echidna ~]$ ls -l ~greg/lpi101/gretchen.txt
-rw-rw-r--. 1 gretchen development 0 Nov 30 14:12 /home/greg/lpi101/gretchen.txt
[gretchen@echidna ~]$ chmod g-w ~greg/lpi101/gretchen.txt
[gretchen@echidna ~]$ ls -l ~greg/lpi101/gretchen.txt
-rw-r--r--. 1 gretchen development 0 Nov 30 14:12 /home/greg/lpi101/gretchen.txt

Any member of the development group can now create files in user greg's lpi101 directory. As Listing 10 shows, other members of the group cannot update the file gretchen.txt. However, they do have write permission to the directory and can therefore delete the file.

Listing 10. sgid access mode and file ownership
[gretchen@echidna ~]$ su - tom
[tom@echidna ~]$ echo "something" >> ~greg/lpi101/gretchen.txt
-bash: /home/greg/lpi101/gretchen.txt: Permission denied
[tom@echidna ~]$ rm ~greg/lpi101/gretchen.txt
rm: remove write-protected regular empty file `/home/greg/lpi101/gretchen.txt'? y
[tom@echidna ~]$ ls -l ~greg/lpi101/
total 0

The sticky bit
You have just seen how anyone with write permission to a directory can delete files in it. This might be acceptable for a workgroup project, but is not desirable for globally shared file space such as the /tmp directory. Fortunately, there is a solution.
The remaining access mode bit is called the sticky bit. It is represented symbolically by t and numerically as a 1 in the high-order octal digit. It is displayed in a long directory listing in the place of the executable flag for other users (the last character), with the same meaning for upper and lower case as for suid and sgid. If set for a directory, it permits only the owning user or the superuser (root) to delete or unlink a file. Listing 11 shows how user greg could set the sticky bit on his lpi101 directory and also shows that this bit is set for /tmp.

Listing 11. Sticky directories
[greg@echidna ~]$ chmod +t lpi101
[greg@echidna ~]$ ls -ld lpi101 /tmp
drwxrwsr-t.  2 greg development  4096 Nov 30 14:16 lpi101
drwxrwxrwt. 24 root root        12288 Nov 30 14:22 /tmp

On a historical note, UNIX® systems used to use the sticky bit on files to hoard executable files in swap space and avoid reloading. Modern Linux kernels ignore the sticky bit if it is set for files.
Access mode summary
Table 3 summarizes the symbolic and octal representation for the three access modes discussed here.

Table 3. Access modes
Access modeSymbolicOctal
suid s with u 4000
sgid s with g 2000
sticky t 1000
Combining this with the earlier permission information, you can see that the full octal representation corresponding to greg's lpi101 permissions and access modes of drwxrwsr-t is 3775. While the ls command does not display the octal permissions, you can display them using the find command as shown in Listing 12

Listing 12. Printing symbolic and octal permissions
[greg@echidna ~]$ find . -name lpi101  -printf "%M %m %f\n"
drwxrwsr-t 3775 lpi101

Immutable files
The access modes and permissions provide extensive control over who can do what with files and directories. However, they do not prevent things such as inadvertent deletion of files by the root user. Although beyond the scope of LPI Topic 104.5, there are some additional attributes available on various filesystems that provide additional capabilities. One of these is the immutable attribute. If this is set, even root cannot delete the file until the attribute is unset.
Use the lsattr command to see whether the immutable flag (or any other attribute) is set for a file or directory. To make a file immutable, use the chattr command with the -i flag.
Listing 13 shows that user root can create an immutable file but cannot delete it until the immutable flag is removed.

Listing 13. Immutable files
[root@echidna ~]# touch
[root@echidna ~]# chattr +i
[root@echidna ~]# lsattr
[root@echidna ~]# rm -f
rm: cannot remove `': Operation not permitted
[root@echidna ~]# chattr -i
[root@echidna ~]# rm -f

Changing the immutable flag requires root authority, or at least the CAP_LINUX_IMMUTABLE capability. Making files immutable is often done as part of a security or intrusion detection effort. See the capabilities man page (man capabilities) for more information.

The file creation mask
When a new file is created, the creation process specifies the permissions that the new file should have. Often, the mode requested is 0666, which makes the file readable and writable by anyone. Directories usually default to 0777. However, this permissive creation is affected by a umask value, which specifies what permissions a user does not want to grant automatically to newly created files or directories. The system uses the umask value to reduce the originally requested permissions. You can view your umask setting with the umask command, as shown in Listing 14.

Listing 14. Displaying octal umask
[ian@echidna ~]$ umask

Remember that the umask specifies which permissions should not be granted. On Linux systems, where users do not have private groups the umask normally defaults to 0022, which removes group and other write permission from new files. Where users have a private group (as on the Fedora system used in these examples) the umask normally defaults to 0002 which removes the write permission for other users. Use the -S option to display the umask symbolically, in a form that shows which are the permissions that are allowed.
Use the umask command to set a umask as well as display one. So, if you would like to keep your files more private and disallow all group or other access to newly created files, you would use a umask value of 0077. Or set it symbolically using umask u=rwx,g=,o=, as illustrated in Listing 15.

Listing 15. Setting the umask
[ian@echidna ~]$ umask -S
[ian@echidna ~]$ umask u=rwx,g=,o=
[ian@echidna ~]$ umask
[ian@echidna ~]$ touch newfile
[ian@echidna ~]$ ls -l newfile
-rw-------. 1 ian ian 0 Nov 30 15:40 newfile

Setting file owner and group
File group
To change the group of a file, use the chgrp command with a group name and one or more filenames. You may also use the group number if you prefer. An ordinary user must own the file and also be a member of the group to which the file's group is being changed. The root user may change files to any group. Listing 16 shows an example.

Listing 16. Changing group ownership
[ian@echidna ~]$ touch file{1,2}
[ian@echidna ~]$ ls -l file*
-rw-rw-r--. 1 ian ian 0 Nov 30 15:54 file1
-rw-rw-r--. 1 ian ian 0 Nov 30 15:54 file2
[ian@echidna ~]$ chgrp development file1
[ian@echidna ~]$ chgrp 505 file2
[ian@echidna ~]$ ls -l file*
-rw-rw-r--. 1 ian development 0 Nov 30 15:54 file1
-rw-rw-r--. 1 ian development 0 Nov 30 15:54 file2

As with many of the commands covered in this tutorial, chgrp has a -R option to allow changes to be applied recursively to all selected files and subdirectories.
Default group
When you studied Access modes above, you learned how setting the sgid mode on a directory causes new files created in that directory to belong to the group of the directory rather than to the group of the user creating the file.
You may also use the newgrp command to temporarily change your primary group to another group of which you are a member. A new shell will be created, and when you exit the shell, your previous group will be reinstated, as shown in Listing 17.

Listing 17. Using newgrp to temporarily change default group
[ian@echidna ~]$ groups
ian development editor
[ian@echidna ~]$ newgrp development
[ian@echidna ~]$ groups
development ian editor
[ian@echidna ~]$ touch file3
[ian@echidna ~]$ ls -l file3
-rw-r--r--. 1 ian development 0 Nov 30 16:00 file3
[ian@echidna ~]$ exit
[ian@echidna ~]$ groups
ian development editor

File owner
The root user can change the ownership of a file using the chown command. In its simplest form, the syntax is like the chgrp command, except that a user name or numeric id is used instead of a group name or id. The file's group may be changed at the same time by adding a colon and a group name or id right after the user name or id. If only a colon is given, then the user's default group is used. Naturally, the -R option will apply the change recursively. Listing 18 shows an example.

Listing 18. Using chown to changing file ownership
[ian@echidna ~]$ touch file4
[ian@echidna ~]$ su -
[root@echidna ~]# ls -l ~ian/file4
-rw-rw-r--. 1 ian ian 0 Nov 30 16:04 /home/ian/file4
[root@echidna ~]# chown greg ~ian/file4
[root@echidna ~]# ls -l ~ian/file4
-rw-rw-r--. 1 greg ian 0 Nov 30 16:04 /home/ian/file4
[root@echidna ~]# chown tom:gretchen ~ian/file4
[root@echidna ~]# ls -l ~ian/file4
-rw-rw-r--. 1 tom gretchen 0 Nov 30 16:04 /home/ian/file4
[root@echidna ~]# chown :tom ~ian/file4
[root@echidna ~]# ls -l ~ian/file4
-rw-rw-r--. 1 tom tom 0 Nov 30 16:04 /home/ian/file4

An older form of specifying both user and group used a dot instead of a colon. This is no longer recommended as it may cause confusion when names include a dot.
This completes your introduction to file and directory permissions on Linux.


10 PEAR Packages for Every PHP Developer's Toolbox

SkyHi @ Wednesday, December 01, 2010
PHP easily ranks among the world's most popular programming languages, with the TIOBE Programming Community Index placing it second only to Java, C, and C++ in terms of global language adoption. Logically, a community of this size has an enormous amount of commercial interests at work, with companies like Microsoft, IBM, and Zend offering a host of products and services. Additionally, a large open source ecosystem has also been built around the language, with project hosting websites such as GitHub and SourceForge home to tens of thousands of PHP-driven projects.
PHP developers also have another community-driven treasure trove at their disposal, one which is host to almost 600 high-quality libraries yet never seems to garner the attention it deserves. I'm referring to the PHP Extension and Application Repository, better known as PEAR, and in this article I'll try to shine the spotlight just a bit brighter on this fantastic community resource by highlighting 10 useful PEAR libraries (better known as packages) that have become an indispensable part of my programming toolkit.

1. Authenticating Users with Auth

Back in the Web's early days, it was typical to authenticate users using Apache's built-in authentication feature. But as the breadth of information shared over the Web continued to grow, so did the need to authenticate users in increasingly flexible and sophisticated ways. For instance, you might wish to unify your company's employee accounts using LDAP and require all users to log in to the intranet using the newly unified account. Likewise, if you were attempting to build a new Web-based e-mail client, you'd likely want the user to be able to log in using his or her email account credentials. Yet understanding how each of these authentication protocols work isn't practical. Instead, you can rely on the Auth package to take care of the gory details for you.
Auth is capable of authenticating a user against an impressive number of protocols, among them IMAP, LDAP and RADIUS. Further, you can use other supported adapters to consult credentials stored in a database, textfile, or even an array. Auth will even auto-generate a login interface for you!

2. Cleaning Up Your Code with PHP_Beautifier

When you're lost in the task of banging out reams of PHP code, following formatting and other best practices are probably the last things on your mind. Why not leave the formatting to the PHP_Beautifier package, a command-line and scripting tool capable of reformatting your code to your exacting standards. Default features include the ability to bring your scripts into compliance with the PEAR Coding Standards, convert all control structures to lowercase, clean up your documentation, add newlines before and after specified tokens, and more.
Consider using PHP_Beautifier in conjunction with another powerful package named PHP_CodeSniffer, which is introduced later in this article.

3. Converting Roman Numerals with Numbers_Roman

Although in all of my years I haven't had the opportunity to use the Numbers_Roman package within a project, I regularly reference this particular package when encouraging PHP developers to learn more about PEAR because it is a perfect example of PEAR's ability to help you implement a solution to an uncommon yet difficult problem. Suppose you were creating a website for movie aficionados, which stored the movie's release date using Roman numerals in the same fashion you're used to seeing in a movie's opening credits (for example, MCMLXIII). To encourage the community to add new movies to the database, you allow them to enter these release dates using Arabic numerals (1963, for instance). The Numbers_Roman package can help you to easily translate between the two.
Attempting to implement this feature on your own would be an interesting programming exercise, but not exactly something I'd want to do while facing a deadline!

4. Creating Forms with HTML_QuickForm2

Many developers tend to bristle at the notion of programmatically creating HTML forms. I too was a vocal leader of the "just say no" crowd, until encountering the Zend_Form component. Not long after, I was dragged kicking and screaming into form nirvana. The fact is programmatic form creation is about much more than simply programmatically outputting HTML; most solutions include the ability to associate validators with fields, set field defaults, and filter user input, three tasks that can be difficult and tedious to implement.
If you're not using a framework such as the Zend Framework or CakePHP -- each of which offers its own automated form generation solution -- check out the HTML_QuickForm2 package. HTML_QuickForm2 supports the ability to render all of the usual HTML form elements, in addition to complex fields such as a dual select box. Also supported are a wide range of input validators capable of vetting data for length, existence and equality, and you can even define your own custom validators for specialized purposes.
Additionally, you'll find that formatting flexibility is not compromised when using a solution such as HTML_QuickForm2, as you'll be able to continue displaying forms in any way you see fit, complete with CSS integration.

5. Downloading Files with HTTP_Download

One of the most frequently asked questions about Web development pertains to how one can provide certain users with the ability to download files such as PDFs, while simultaneously preventing others from accessing these files by manipulating the website URL. The most common answer involves using an intermediary service, which will retrieve the desired file from outside of the Web server's document root and then stream the contents to the accredited user. While the knowledgeable developer won't find a simple implementation of this task particularly challenging, resolving the security issue is only part of the challenge. More sophisticated implementations might handle caching and compression, and support resuming partial downloads, none of which I'd want to implement myself.
If you're looking for a one-stop solution for handling Web-based downloads, check out HTTP_Download. It bundles all of these features into an incredibly easy-to-use package. For instance, the following snippet is suffice to retrieve a file residing outside of Apache's document root and send it to the browser for download:
$download = &new HTTP_Download(); 
$download->setFile(HTTP_DOWNLOAD_ATTACHMENT, '/home/downloads/sales.pdf'); 

6. Enforcing Coding Standards with CodeSniffer

Returning to the previously discussed matter of following coding standards (see the section introducing PHP_Beautifier), it seems that this task is akin to writing documentation: most developers will avoid it at all costs. Unfortunately, the costs of avoiding either can be pretty high, resulting in lost time and increased maintenance costs. While no known solution can force you or your colleagues to write documentation (although phpDocumentor will certainly help), you might be able to improve upon the adoption of coding standards using PHP_CodeSniffer.
PHP_CodeSniffer is a PEAR package that can parse your project's PHP, JavaScript and CSS files to ensure compliance with coding standards such as those adopted by PEAR. Among other standards it can review your code for are indentation, variable and class naming conventions, comment usage, and control structure formatting. You can also use it to review CSS for gaffes such as style duplication.
If you're interested in learning more about this powerful package, check out the recently published article titled "Enforcing Coding Standards with PHP_CodeSniffer".

7. Fooling Spammers with Text_CAPTCHA

The Completely Automated Public Turing Test to tell Computers and Humans Apart, or CAPTCHA, is an ingeniously simple solution for preventing automated spambots from littering your website's blog comments and other forms with unwanted advertising. Relying on the fact that computers are notoriously bad at certain tasks -- such as notably recognizing the contents of an image -- programmers require humans to respond to a simple challenge in order to successfully submit a form. Such a challenge would include asking the human to echo the contents of a programmatically generated image containing a random string, such as 4Xy98M.
If you're sick of deleting unwanted comment spam and would like to integrate CAPTCHA protection into your forms, check out Text_CAPTCHA. Text_CAPTCHA will generate the image-based text and text field for you, storing the text value in a session variable that you can check once the form has been submitted. If the text field matches the session variable contents, chances are the submitter is human. Otherwise, you can disregard the form.

8. Managing Git Repositories with VersionControl_Git

I'm an avid GitHub user, relying upon the service to manage not only my various software projects, but also my books. I've even gone so far as to integrate Git-driven features into recent projects, which allows me to easily view a project's contents without having to use the command-line or login to Although GitHub offers an API for talking to the service, I'd rather avoid writing my own PHP implementation and instead found VersionControl_Git, a simple object-oriented interface to my local repositories.
Although still a work in progress, VersionControl_Git is already capable of performing the most commonplace repository-related tasks, such as creating a new repository, viewing commit information, and reviewing repository contents.

9. Tweeting with Services_Twitter

To paraphrase the ancient riddle, "If you didn't Tweet about it, did it ever really happen?" If you're adamant about letting the world know about every cup of coffee drank, newspaper article read, and previously lost sock found, check out Services_Twitter, a convenient PEAR package that can send updates to your Twitter account. All you need to do is authenticate using your Twitter account's username and password, and pass along an update using the package's update() method. Using this simple yet effective package, all of your applications can be sending updates to followers in no time.

10. Validating User Input with Validate

Validating user input is difficult, which explains why so many websites are compromised due to the developer's avoidance of this tedious task. Yet there's no excuses for neglecting to validate all user input, because any task that is simultaneously so difficult yet ubiquitous is likely to have been implemented in a PEAR package. Sure enough, the powerful Validate package has been around for some time now, making input validation a breeze.
The Validate package covers basic validation tasks, including validation of numbers, email addresses, and URLs. Locale-specific packages such as Validate_US provide validation tasks specific to the United States, offering validators for phone numbers, zip codes and social security numbers. See the Validate documentation for a complete list of locale-specific validation packages.

About the Author

Jason Gilmore is the founder of the publishing, training and consulting firm He also is the author of several popular books, including "Easy PHP Websites with the Zend Framework", "Easy PayPal with PHP", and "Beginning PHP and MySQL, Fourth Edition". Follow him on Twitter at @wjgilmore.



SkyHi @ Wednesday, December 01, 2010
Hacker Fyodor (Gordon Lynn) wrote nmap to assist in port scanning and network analysis. He published the original source code in Phrack Magazine, Volume 7, Issue 51, Article 11, and now maintains the tool at Security experts all over the world use nmap for simple network checks, detecting open ports and service versions; the NSA keeps a list of security tools and current versions—including nmap, Snort, and Nessus—up on the big board.
nmap does not only detect open ports; it detects services and operating system versions as well. You can use nmap to scan a default range of ports, or a specific subset; it can scan a single host, a range, or a set; and it can find out if hosts are up or down. nmap can become a powerful tool in the hands of a skilled user, for good or for evil.
The nmap network scanning tool supplies a diverse set of options to control its behavior. It can scan multiple hosts and host ranges; utilize various scanning techniques; identify operating systems and service versions; and even perform stealth scanning to avoid triggering certain IDS and IPS utilities.


[edit] Basic use

First, let's cover some basic use of nmap. You should at the very least know how to scan hosts and check for specific ports; these fundamentals will show you what's open on the target network.

[edit] Scanning hosts

Basic use of nmap just involves scanning a target IP address or domain name. For example:
bluefox@ice-ldap:~$ nmap webserv1

Starting Nmap 4.10 ( ) at 2007-04-01 15:52 EDT
Interesting ports on webserv1 (
Not shown: 1644 closed ports, 28 filtered ports
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
199/tcp  open  smux
443/tcp  open  https
1008/tcp open  ufsd

Nmap finished: 1 IP address (1 host up) scanned in 15.142 seconds
In this mode of operation, nmap shows the open ports and the common service carried on that port. nmap will not show services moved to other ports accurately; http on port 21 will read as ftp, for example.
You can specify multiple hosts on nmap's command line as well:
bluefox@ice-ldap:~$ nmap dbserv1 webserv1

Starting Nmap 4.10 ( ) at 2007-04-01 15:56 EDT
Interesting ports on
Not shown: 1667 closed ports
22/tcp   open     ssh
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
199/tcp  open     smux
445/tcp  filtered microsoft-ds
1720/tcp filtered H.323/Q.931
3306/tcp open     mysql
3389/tcp filtered ms-term-serv
5631/tcp filtered pcanywheredata

Interesting ports on webserv1 (
Not shown: 1644 closed ports, 28 filtered ports
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
199/tcp  open  smux
443/tcp  open  https
1008/tcp open  ufsd

Nmap finished: 2 IP addresses (2 hosts up) scanned in 17.001 seconds
As you can see, my Web server exposes too many ports and my MySQL server has a weak firewall; I ran this scan from a DMZ, which has to go through the firewall to enter my network. Here we can see the power of nmap: I know I should switch my firewall to default deny and allow only the services needed through explicitly. nmap identifies filtered ports by a lack of response; closed ports send a TCP packet with a RST flag when you try to open them, indicating the server received the packet and would have allowed you to connect to any service listening on that port.

[edit] Advanced target specification

nmap allows you to use IP address targets for various sets and ranges based on a simple syntax.
  • x-y - Specify from x-y. nmap 192.168.0-1.1-2 will scan,,, and
  • * - Replaced with 0-255. Your shell will probably emit a bunch of file names, so just use 0-255.
  • x,y - Specify x and y. nmap,2,4 will scan,, and Further, nmap,4 will scan the same set of hosts.
  • /n - Scan CIDR notated subnets. nmap operates as nmap 192.168.0-255.0-255 for example.
You can combine these notations in any form you want. For example, if you wanted to scan a few subnets on, you could use nmap 192.168.0,16,64,96.0/4. Usually you will not want to do anything this drastic, and can stick to a single host; however, if you need it, you should know how to do it. Remember, nmap maps networks, not just hosts.

[edit] Scanning ports

  • Switches: -p
Sometimes you don't need to know everything open on a host, sometimes you just want to make sure proFTPd and Apache are up and the SMTP server hasn't died, and see if SSH is listening. For these situations, you can specify ports to scan. Port specification can be manipulated in the same way as target specification, using the x-y and x,y notations.
~$ nmap -p21-22,25,80,443 webserv1
Scanning specific ports lets you check specific issues several orders of magnitude faster. What version of Apache a server has (-sV -p80), whether a server runs MS SQL Server or MySQL (-sV -p1433,3306), if the server runs ssh, etc.

[edit] Service Scans

  • Switches: -sV, -A
nmap has the ability to do service scans and RPC grinding; in other words, it can tell you what high level protocol, application, version, version of libssl if the service supplies an SSL connection, etc., listens on a port instead of matching the port number to the common service. nmap also uses an RPC grinder, which makes RPC connections to ports running an RPC service; typically a single RPC portmapper port tells you which ports run RPC, but if the firewall blocks that then nmap will find it itself.
Let's take a look first at a scan against the server behind me. This server provides a profoundly good example because I've configured it to let me poke holes in my college's firewall, and thus it looks really strange. A typical nmap scan comes out well enough:
bluefox@icebox:/home/shared/qemu$ nmap

Starting Nmap 4.20 ( ) at 2007-04-03 20:58 EDT
Interesting ports on
Not shown: 1688 closed ports
21/tcp  open  ftp
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
81/tcp  open  hosts2-ns
139/tcp open  netbios-ssn
389/tcp open  ldap
443/tcp open  https
445/tcp open  microsoft-ds

Nmap finished: 1 IP address (1 host up) scanned in 0.971 seconds
The above shows FTP, DNS, hosts2-ns, HTTP/SSL, and Microsoft Directory Services (Active Directory). We can take a closer look with an nmap service scan using -sV. The below output gives us something quite different.
bluefox@icebox:/home/shared/qemu$ nmap -sV

Starting Nmap 4.20 ( ) at 2007-04-03 21:01 EDT
Interesting ports on
Not shown: 1688 closed ports
21/tcp  open  ssh         OpenSSH 4.3p2 Debian 5ubuntu1 (protocol 2.0)
22/tcp  open  ssh         OpenSSH 4.3p2 Debian 5ubuntu1 (protocol 2.0)
53/tcp  open  ssh         OpenSSH 4.3p2 Debian 5ubuntu1 (protocol 2.0)
80/tcp  open  http        Apache httpd 2.0.55 ((Ubuntu) PHP/5.1.6)
81/tcp  open  http        Apache httpd 2.0.55 ((Ubuntu) PHP/5.1.6)
139/tcp open  netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
389/tcp open  ldap        OpenLDAP 2.2.X
443/tcp open  ssh         OpenSSH 4.3p2 Debian 5ubuntu1 (protocol 2.0)
445/tcp open  netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
Service Info: OS: Linux

Service detection performed. Please report any incorrect results at .
Nmap finished: 1 IP address (1 host up) scanned in 13.747 seconds
So it seems this server really has Apache serving http on two ports; OpenSSH serving over the FTP, DNS, and HTTPS ports; and Samba providing SMB connections. Further, we can see that the server uses SSH 2.0 protocol on OpenSSH 4.3p2 Debian 5ubuntu1, a native Ubuntu .deb rather than a custom build. We can guess with relative accuracy that this server runs Ubuntu, even without an OS scan; either that or the administrator really doesn't have a clue what he's doing, or has managed to change banners with a rewrite proxy to fool us.
Worth note, the -A switch activates service scanning as well.

[edit] Advanced Port Scans

You can run many types of advanced port scans with nmap. Aside from the standard connect() port scan, nmap requires root access to perform these advanced scans because it needs to create raw sockets and construct raw TCP/IP packets.

[edit] Using nmap with root

The nmap program obtains different information with and without root access. With root access, nmap can perform advanced TCP/IP scans; operating system detection; and MAC address identification.
First let's check out a normal user utilizing nmap with the -A option. nmap -A activates operating system and service scanning, in the same way as nmap -O -sV. Operating system detection requires root access, so OS detection won't work at all. I've performed the below scan against a Linksys WRT54G wireless router.
bluefox@icebox:~$ nmap -A -p80,1

Starting Nmap 4.20 ( ) at 2007-04-04 12:18 EDT
Interesting ports on
1/tcp  closed tcpmux
80/tcp open   http    Linksys wireless-G WAP http config (Name Icelink)
Service Info: Device: WAP

Service detection performed. Please report any incorrect results at .
Nmap finished: 1 IP address (1 host up) scanned in 6.199 seconds
As you can see, nmap simply skips the OS detection phase. When we put nmap into operation as root, however, we see that it can also look up a lot more information. Below, we see it discovered the MAC address and identified the vendor owning that MAC space; the operating system and details about the OS; the uptime; and the network distance. It also gave us a device type; nmap sees a Linux OS used for desktops, wireless routers, or network storage, and thus classifies the device as either general purpose, WAP, or storage.
bluefox@icebox:~$ sudo nmap -A -p80,1

Starting Nmap 4.20 ( ) at 2007-04-04 12:18 EDT
Interesting ports on
1/tcp  closed tcpmux
80/tcp open   http    Linksys wireless-G WAP http config (Name Icelink)
MAC Address: 00:13:10:7D:06:C6 (Cisco-Linksys)
Device type: general purpose|WAP|storage-misc
Running: Linux 2.4.X, Linksys Linux 2.4.X, Asus Linux 2.4.X, Maxtor Linux 2.4.X
OS details: Linux 2.4.20 - 2.4.32, Linux-based embedded device (Linksys WRT54GL WAP,
 Buffalo AirStation WLA-G54 WAP, Maxtor Shared Storage Drive, or Asus Wireless Storage
Uptime: 29.285 days (since Tue Mar  6 04:28:28 2007)
Network Distance: 1 hop
Service Info: Device: WAP

OS and Service detection performed. Please report any incorrect results at .
Nmap finished: 1 IP address (1 host up) scanned in 7.833 seconds
nmap becomes much more powerful with root access; however, for security reasons you should not haphazardly give nmap the SUID permission. You can allow users to run nmap specifically via sudo, but be aware that anything that allows a user to gain root access—SUID bits, sudo, etc—represents a security risk.

[edit] Operating system detection

  • Switches: -O
The -O switch enables nmap operating system detection. OS detection attempts to use characteristics of the target's TCP/IP stack to fingerprint the remote operating system; usually it can identify Linux, Windows, and BSD, and find a general range of versions and families like Windows NT/XP or 95/98/ME. A typical OS Detection scan looks like the below.
bluefox@ice-ldap:~$ sudo nmap -O -P0

Starting Nmap 4.10 ( ) at 2007-04-05 18:43 EDT
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on
Not shown: 1677 filtered ports
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:76:96:A5:DC (Micro-star International CO.)
Device type: general purpose
Running: Microsoft Windows NT/2K/XP
OS details: Microsoft Windows XP SP2

Nmap finished: 1 IP address (1 host up) scanned in 32.272 seconds

[edit] TCP connect() Scan

  • Switches: -sT
nmap allows a TCP connect() scan in all cases, administrative access or not; when you specify other scan types without root access, nmap automatically substitutes this scan type.
In this scanning mode, nmap opens a connection to the port in the same way a Web browser or FTP client does and checks to see how the TCP/IP stack responds. The following results arise from this scan:
  • open: nmap was able to complete a connection, and then closed the port.
  • closed: nmap tried to connect and got an error informing it that the port was closed (the OS got a RST packet).
  • filtered: nmap tried to connect and the OS gave it some other error, like host or port unreachable or connection time-out.
TCP connect() scans work with all privilege levels, but can execute slowly and produce excess packets. They also usually create more logs on the target, and can crash really poorly programmed services.

[edit] TCP SYN Scan

  • Switches: -sS
The nmap TCP SYN scan uses a simple SYN packet to connect to a port to determine its status. nmap uses this by default whenever it has raw socket privileges.
The TCP SYN scan sends a SYN packet as if opening a connection, and checks the result. The following statuses come from this test:
  • open: nmap got a SYN/ACK from the host on that port. nmap does not have to take further action; the OS has no record of the connection, and responds to the SYN/ACK with a RST, tearing down the connection on the target.
  • closed: nmap got a RST from the host on that port.
  • filtered: nmap got something else, or nothing.
TCP SYN scans execute very quickly, create fewer logs, and act in a more stealthy manner.

[edit] Scanning Firewalls

You can use nmap to penetrate firewalls as well. nmap can perform scans useful for determining whether a firewall uses stateful filtering or not; and which ports a firewall allows through. You can scan targets behind the firewall with this and discover the firewall rules, allowing more targeted scans and possibly evading firewall logging.

[edit] TCP ACK Scan

  • Switches: -sA

[edit] Stealth Scans

Unfortunately, if you scan through certain IPS or IDS machines, you get loads of fluff from proxy ports. This presents a minor annoyance. I had to trim below output, as it contained thousands of lines of text. I've obscured the host I scanned below; I had chosen a live machine on the Internet to scan for this, because I don't have the IPS hardware they use.
Starting Nmap 4.10 ( ) at 2007-04-01 16:14 EDT
Stats: 0:00:02 elapsed; 0 hosts completed (1 up), 1 undergoing Connect() Scan
Connect() Scan Timing: About 20.95% done; ETC: 16:14 (0:00:09 remaining)
Interesting ports on %%% (%%%):
Not shown: 861 closed ports
2/tcp     open     compressnet
3/tcp     open     compressnet
7/tcp     open     echo
10/tcp    open     unknown
12/tcp    open     unknown
14/tcp    open     unknown
15/tcp    open     netstat
18/tcp    open     msp
19/tcp    open     chargen
20/tcp    open     ftp-data
21/tcp    open     ftp
25/tcp    open     smtp
27/tcp    open     nsw-fe
28/tcp    open     unknown
29/tcp    open     msg-icp
30/tcp    open     unknown
31/tcp    open     msg-auth
32/tcp    open     unknown
33/tcp    open     dsp
34/tcp    open     unknown
35/tcp    open     priv-print
38/tcp    open     rap
39/tcp    open     rlp
40/tcp    open     unknown
41/tcp    open     graphics
43/tcp    open     whois
47/tcp    open     ni-ftp
56/tcp    open     xns-auth
58/tcp    open     xns-mail
59/tcp    open     priv-file
60/tcp    open     unknown
64/tcp    open     covia
66/tcp    open     sql*net
134/tcp   open     ingres-net
135/tcp   filtered msrpc
136/tcp   filtered profile
137/tcp   filtered netbios-ns
138/tcp   filtered netbios-dgm
139/tcp   filtered netbios-ssn
141/tcp   open     emfis-cntl
143/tcp   open     imap
145/tcp   open     uaac
147/tcp   open     iso-ip
148/tcp   open     cronus
149/tcp   open     aed-512
150/tcp   open     sql-net
155/tcp   open     netsc-dev
27001/tcp open     flexlm1
27002/tcp open     flexlm2
27005/tcp open     flexlm5
27007/tcp open     flexlm7
27008/tcp open     flexlm8
27009/tcp open     flexlm9
27010/tcp open     flexlm10
27374/tcp open     subseven
27665/tcp open     Trinoo_Master
31337/tcp filtered Elite
32775/tcp open     sometimes-rpc13
32777/tcp open     sometimes-rpc17
32779/tcp open     sometimes-rpc21
32787/tcp open     sometimes-rpc27
38037/tcp open     landesk-cba
43188/tcp open     reachout
47557/tcp open     dbbrowse
50000/tcp open     iiimsf
54320/tcp open     bo2k
61441/tcp open     netprowler-sensor
65301/tcp open     pcanywhere

Nmap finished: 1 IP address (1 host up) scanned in 23.251 seconds
Fortunately, you can perform a stealth scan to evade this; unfortunately, stealth scans take an order of magnitude longer. Usually a polite scan will do the trick, it causes only 150 packets/minute.
~$ nmap -T polite %%%
The -T option takes one of five arguments, given by name or number. These are:
  • paranoid (0) - No parallel scanning. 5 minutes between sending packets.
  • sneaky (1) - No parallel scanning. 15 seconds between sending packets.
  • polite (2) - No parallel scanning. 0.4 seconds between sending packets.
  • normal (3) - Default scanning. Tries to be very fast without overloading the network.
  • aggressive (4) - Faster than normal, but loads the network.
  • insane (5) - Parallel scans, times out hosts in 15 minutes, won't wait more than 0.3 seconds for an individual probe. Loses a lot of information.
nmap also provides options to control scan time-outs. Combining these with the above provides more fine-tuned scans, for example a scan doing 100 packets per minute:
~$ nmap -T sneaky --scan_delay 600
Let's try the above scan again, politely.
bluefox@icebox:~$ nmap -T polite

Starting Nmap 4.20 ( ) at 2007-04-02 19:52 EDT
Interesting ports on %%% (%%%):
Not shown: 1658 closed ports, 26 filtered ports
21/tcp   open  ftp
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
389/tcp  open  ldap
443/tcp  open  https
1026/tcp open  LSA-or-nterm
1027/tcp open  IIS
1433/tcp open  ms-sql-s
3389/tcp open  ms-term-serv
8000/tcp open  http-alt
9999/tcp open  abyss

Nmap finished: 1 IP address (1 host up) scanned in 693.146 seconds
As we can see, this scan takes 693 seconds instead of 23, 30 times longer.