Systemd Socket Activation Explained

💭 What? Imagine a web server that only starts when someone actually tries to access it. Or a database that spins up only when a query comes in: this is the magic of socket activation. The concept is not new, as old-school sysadmins may be used to seeing something like inetd or xinetd for on-demand service activation in the past. As some cool projects like cockpit have already started using this little-known feature, in this blog post we’ll see the basics and try to get familiar with the tooling. ...

February 2, 2025 · Andrea Manzini

Linux Test Project part 2

👻 Intro While our previous post focused on the core components of LTP tests, today in this part boo two we’re taking a spooky deep dive into the options available in struct tst_test 🦇. The Linux Test Project (LTP) began as a collaborative effort between SGI, OSDL, and Bull. Today, it lives with the joint contributions of industry leaders including IBM, Cisco, Fujitsu, SUSE, Red Hat, Oracle, and others. Its mission remains clear: providing the open source community with comprehensive tests that verify Linux’s reliability, robustness, and stability. 🕸️ ...

October 27, 2024 · Andrea Manzini

The Linux kernel ftrace

👣 Intro Tracing tools are pretty popular in the Unix/Linux ecosystem; for example, in userspace we have ltrace to trace the library calls of programs and strace to dive in deeper and inspect syscall usage. One of the many features that the Linux kernel has offered since 2008 (and has evolved since) is ftrace, which allows many different kinds of tracing at runtime. While not as flexible as eBPF technology, it can be helpful on some occasions and doesn’t require a full-fledged programming language. ...

October 1, 2024 · Andrea Manzini

Playing with Linux kernel capabilities

🔐 Intro As an experienced sysadmin, you might be familiar with the traditional “all-or-nothing” approach: if a shell or process is running with UID==0, it can do almost everything on a system, while a plain user process is restricted by some means: typically it can’t open RAW sockets, can’t bind “privileged” ports under 1024, can’t change a file’s ownership and so on. Linux capabilities is a feature, gradually introduced starting from kernel 2.2, that permits more fine-grained control over privileged operations, breaking the traditional binary root/non-root distinction. Just as sudo lets us run specific commands as another user (even root) without permanently becoming that user, capabilities let us grant a program only certain privileges without having to run it as root. ...

August 2, 2024 · Andrea Manzini