Chapter 12 All about a process running in linux

Program Vs Process 
• A program is an executable file, while a process is a program in execution. A program is a set of instructions written down to do something, while a process is the result of executing a program.

• Process Vs Thread

A process and a thread is almost the same, and the only worthwhile difference between a thread and a process is that threads share the same address space completely and hence require less creation time. Processes are independent execution units that contain their own state information, use their own address spaces, and only interact with each other via inter-process communication mechanisms. A thread is a coding construct that doesn’t affect the architecture of an application. A single process might contains multiple threads; all threads within a process share the same state and same memory space, and can communicate with each other directly, because they share the same variables.
 
• User process is a process run by a human user
• A service or a daemon process which can be time based or event based usually triggered by root or the system itself while on bootup and infact a never ending process which triggers other processes.
• PID – Process ID – The id of a process, each process running on a system is assigned itś own process ID.

• PPID – Parent Process ID – PID of the process that created the child process. pstree shows the relation b/w parent process and other process, starting from init.
• Job ID – Job ID is unique to a shell instance. Can be displayed using the command “jobs”. A process when hit a “Ctrl+Z” shows the job id, when it says Stopped .The command jobs shows background processes, both stopped and running. The process having a + symbol toward the right of job id means that process will be responding to fg without options (without job id being passed as argument) and the – sign to any process, if any indicates that it is that process which inherits the + sign after the process having + sign is done with.
• bg %job_id or bg PID will let the process with job_id to run again.
  

A few process related commands with options:

ps command (process status) will display snapshot information of all active processes.

To display all the processes running in the system

Use “ps aux”, as shown below.

You can also use “ps -ef | more”, to get a similar output

Use ¨pstree¨ to get output like this:

• Nice Value:It is used to run a program with modified scheduling priority . Nicenesses range from -20 (most favorable scheduling) to 19 (least favorable). Nice is to start a process with a priority like nice -n 10 mp3blaster
• Renice – renice is to change the priority of an existing process like : renice 10 PID

• kill – terminate a process
  The command kill sends the specified signal to the specified process or process group. If no signal is specified, the TERM signal is sent.
• kill - kill %job_id or kill PID / man 7 signal
• kill -15 PID – cleaner or soft killing of process – SIGTERM
• kill -9 PID – hard kill – SIGKILL
• kill -19 PID – Stop the process – STOP
• kill -18 PID – resume the stopped process – SIGCONT
• kill -2 PID – equivalent to Ctrl + C – SIGINT
• kill -1 PID – Hangup – SIGHUP
• kill -3 PID – end process & core dump
• killall

More information regarding ‘kill’ can be found at the man page

[root@localhost ~]# man kill

Top – Display Linux tasks

The top program provides a dynamic real-time view of a running system. It can display system summary information as well as a list of tasks currently being managed by the Linux kernel.

top – Sort by CPU -> P

Sort by MEM -> M

Sort by PID -> N

Kill by PID -> k

Renice by PID -> r

List by user -> u

Active processes or non idle process -> i

• nohup – will stop a process from being killed even if you logs off the system before it completes. It ignores the hangup and quit signals.
• pgrep – process grep.

pgrep looks through the currently running processes and lists the process IDs which matches the selection criteria to stdout. All the criteria have to match.

For example, pgrep -u root sshd

• pidof – find the process ID of a running program. finds the process id’s (pids) of the named programs. It prints those id’s on the standard output. An example is given below

• PPID – Parent Process ID

The process parent PID, the creator of the process.

• STAT – Process Status

These functions return information about the specified file. You do not need any access right to the file to get this information but you need search rights to all directories named in the path to the file.

TTY – Controlling Terminal

It print the file name of the terminal connected to standard input .

[root@localhost ~]# tty

/dev/pts/5

• PRI – Priority number.

Lower the number, higher the priority, from +19 to -20. The priority numbers available for the system is from +39 to -60, while -20 to -60 is reserved for kernel threads. A normal user can have priorities from 0 to +20, and negative values as well as reducing the values are allowed only to root.

NI – Dynamic priority value , ranges from +19 to -20

TIME – total CPU time used

Process Status (STAT) Codes can be of any of these.

D uninterruptible sleep (usually IO) – cannot be terminated at the moment.

R runnable (on run queue) – can be run

S sleeping – waiting for an external event

T traced or stopped – is suspended.

Z a defunct (“zombie”) process – has terminated itself.

X Extinct – is dead

Setting limits on the number of processes that can run.

The command “ulimit” is used to limit the number of processes users can run along with available system resources. All processes which will be started from the shell (bash in many cases), will have the same resource limits. To set the limits for daemons which are running at boot time add ulimit

command to boot scripts. See apache startup script.

/etc/security/limits.conf

For example:

[root@localhost ~]#ulimit -S -m 1000000
[root@localhost ~]# ulimit -S -v 500000

With this value set, the system will kill any process that tries to take up more resources than you have set as a limit.

cPanel Website Transfer – Part 2 – cPanel to cPanel Migration

Transferring a Website from One cPanel server to another

Skill Level : Beginner

In this post, I will explain how to transfer a website from one cPanel server to other.

Pre Requisites

Server Platform : Linux

User requires     : cPanel and SSH access (root) to at-least the Destination server (where the account is restoring)

The Process

From the Target server, Generate a Full cPanel backup of the account using either cPanel or through root shell access.

(i) By cPanel

Login to cPanel. Go to Files -> Backups

Click “Download or Generate a Full Website Backup”. Choose Backup Destination as “Home Directory” (Make sure you’ve enough Disk Space before you proceed) and a valid E-mail address to notify you once the Backup is generated.

Once the Backup is completed, a mail will arrive on the E-mail you’ve mentioned above (if specified) and the ‘Backups Available for Download’ will be populated with the name of the backup file generated like :

Do you know why the backup generated is the form tar.gz ? Its because, in the tar format all files are preserved with their appropriate permissions and then its compressed to gz (gzip) for obtaining the least possible file size.

The process in the Target server is finished. Now login as Root in the server which requires the account to be restored. We’ve to download the backup file generated there to this server. There are number of ways to do this. Some are weird

Method 1

If you have the cPanel details of that server, you can use it for FTP access. And since the Backup is generated on the Home directory there, its all about downloading the backup.

# root@server [/home]# ftp oldserver.com or IP

Connected to oldserver.com.
220———- Welcome to Pure-FTPd [privsep] [TLS] ———-
220-You are user number 3 of 50 allowed.
220-Local time is now 17:28. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (oldserver.com:root): user
331 User user OK. Password required
Password:
230 OK. Current restricted directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> get backup-6.2.2011_06-23-57_account.tar.gz

This will download the backup. You need root access to restore it. Before you restore you need to check whether there is an account or domain which already exists by the name which you intend to restore.

cPanel script to check whether the domain/account name exists

# grep account /etc/userdomains

Method 2

Generating a cPanel backup through Remote FTP (Passive Mode transfer)

It is possible to generate a Remote backup of the account in a server, where the backup has to be restored. Go to cPanel -> Backups -> Download or Generate a Full website backup. Select the Backup Destination as Remote FTP Server (passive mode transfer). Follow the screenshot :

cPanel script to restore the account

# nice -n 19 /scripts/restorepkg –skipres <username>

For the script to run, the backup should be in any of the following locations in the server :  /, /home, /home2, /home3, /misc, /net, /root, /usr, /usr/home, /var/lib/nfs/rpc_pipefs, /var/tmp, /web

This feature will restore full backups, cPanel backups and cPanel move files in one of the following formats:

cpmove-{USER}
cpmove-{USER}.tar
cpmove-{USER}.tar.gz
USER.tar
USER.tar.gz
backup-{BACKUP-DATE_TIME}_{USER}.tar
backup-{BACKUP-DATE_TIME}_{USER}.tar.gz

SSL Installation in a cPanel based server

What is SSL

SSL (Secure Sockets Layer) is a cryptographic protocol which ensure the security of communication over the Internet. SSL encrypt the segments of network connections above the Transport Layer, using symmetric cryptography for privacy and a keyed message authentication code for message reliability.

How SSL works

Web servers and Web browsers rely on the SSL protocol to create a unique encrypted channel for private communications over the Internet. The SSL Certificate consists of a public key and a private key. The public key is used to encrypt information and the private key is used to decrypt it. When a Web browser points to a domain which is secured by SSL, a level of encryption is established based on the type of SSL Certificate as well as the client Web browser, operating system and host server’s capabilities. This is why SSL certificates feature a different range of encryption levels.

Obtaining an SSL Certificate

Domain example.com needs an SSL Certificate. The following steps are involved in it :

a) Example.com generates a CSR (Certificate Signing Request) and during this process, a private key is generated.
b) With this CSR, Example.com goes to a trusted, third party Certificate Authority like Verisign. They take the Certificate Signing Request and validates example.com. The Certificate Authority validates example.com.
c) When the validation process is complete, the third party Certificate Authority gives a new public key (certificate) encrypted with their private key.
d) Example.com installs the new certificate and gets secured.

Installing SSL

(i) Through cPanel/WHM
Its quite easy to install SSL through cPanel/WHM interface.

Generating CSR

Under Security tab, click SSL/TLS Manager.

Generate the Private Keys first by accessing the option Generate, view, upload or delete your private keys

Access the option Generate, view, or delete SSL certificate signing requests. Fill in the forms like Domain Name, E-mail Address, Country etc.

You will obtain the CSR. Contact the Certificate provider with this information. The Certificate Authority will then provide the Certificate (CRT). Finally you will have the following files associated with SSL :

CSR in the format domain.com.csr or domain_com.csr

CA bundle, which have the Public key of the Certificate Authority in the format domain.com.cabundle or domain_com.ca-bundle

CRT, the certificate in the format domain.com.crt or domain_com.crt

Private key in the format domain.com.key or domain_com.key

Method 1 : Installing from cPanel

1. Go to SSL/TLS Manager.
2. Click Generate, view, upload, or delete your private keys.
3. Under the Upload a New Certificate section, click on the Browse button (next to Choose a .crt file option) and find the Domain Certificate file (example.crt) that you obtained from the SSL vendor. Alternatively you can paste the Certificate contents on the section Paste the crt below. Make sure to include the BEGIN and END tags, while copying your certificate. Click the Upload button.
4. Go Back and click Return to SSL Manager at the bottom of the page.
5. Click on Setup a SSL certificate to work with your site. If this option is not available, your web host may have disabled it. You will need to contact them for further support.
6. Now, select the domain you are using from the Domain drop down menu. It will attempt to fetch the SSL Certificate and the private key. If this doesn’t work, you may need to contact your web host.
7. In the box labeled CA Bundle paste the contents of the Intermediate certificate (DigiCertCA.crt).
8. Click Install Certificate. Your SSL certificate should now be installed, and the website configured to accept secure connections. You or your web host may need to restart Apache before it will work.

Method 2 : Installing from WHM

You can install SSL certificate from WHM also. Its quite simple when compared to the installation through cPanel. All you need is the root access to WHM. Once you login to the WHM, search for the option Install a SSL Certificate and Setup the Domain.

You’ll find three boxes. Paste the CRT file contents in the first box. It will automatically fetch the Key and CA Bundle (In most cases, CA bundle needs to be fetched manually). Finally click Submit once all the fields are populated. You’ll see a message that indicates the installation is successful

Method 3 : Manual Installation

You need the Server Root shell access for this. Go to the Apache configuration file in the server, in the cPanel case its /usr/local/apache/conf/httpd.conf. Locate the VirtualHost entry configured for SSL. Configure it like :

<VirtualHost xxx.xxx.x.xx:443>
 ServerName example.com
 ServerAlias www.example.com
 DocumentRoot /home/example/public_html
 SSLEngine on
 SSLCertificateFile /usr/share/ssl/certs/example.com.crt
 SSLCertificateKeyFile /usr/share/ssl/private/example.com.key
 SSLCACertificateFile /usr/share/ssl/certs/example.com.cabundle
</VirtualHost>

where SSLCertificateFile is the SSL certificate file path, SSLCertificateKeyFile is the Key file path, SSLCACertificateFile is the path to the Intermediate file. Make sure you’ve the files in the specified path (It may vary on different scenarios). Restart the Web server and you’re done.

cPanel Website Transfer – Part 1 – Changing an Add-on Domain to a Primary Domain

Converting an Add-on Domain to a Primary Domain

Skill Level : Beginner

In this post, I will explain how to convert an add-on domain to a primary domain. Considering a complex case, lets consider the primary domain should be a different one from the one that holds the Add-on domain.

Pre Requisites

Server Platform : Linux

User requires     : cPanel and SSH access (root)

This is a Site transfer. Also both the sites I’ve mentioned here is on same server.

Case

The Add-on Domain under a website has to be converted as its Primary Domain. If you have a Full backup, its another case. I’ll explain it in another post.

Solution

Lets consider the Add-on Domain is addon.com under the user admin and the document root of the add-on domain is :

/home/admin/public_html/addon

Now it should be transferred as the Primary Domain

* Using WHM Create a New account primary.com, the document root is then say /home/primary
We’ve to transfer the whole data from /home/admin/public_html/addon.com to /home/primary/public_html first.

* The Steps will be :

root@server [/home/admin/public_html/addon]# cp -r ./* /home/primary/public_html

This will recursively copy everything inside the PWD to the specified location
(Read the rest of this entry…)

Worried about email migrations and mail syncing – get getmail for the rescue

Most of the hosting providers offer free server migration. The free website migration started as early as 2005, in the industry. But only a few providers offer the email migration for a website transfer involving different control panels. So using getmail is the easiest way to transfer emails. All we need is to create the email account in the new server and configure the getmail to transfer the emails.

Download getmail at http://pyropus.ca/software/getmail/old-versions/getmail-4.20.3.tar.gz

wget http://pyropus.ca/software/getmail/old-versions/getmail-4.20.3.tar.gz
tar xzf getmail-4.20.3.tar.gz
cd getmail*
python setup.py install

Now you have to create a getmailrc , the getmail configuration file inside the home folder of the user. getmailrc need not be inside the home directory. You have to create the folder .getmail where getmail keeps a log of the emails retrieved based on each configuration file you may have.You can have multiple destination and retriever sections in one single getmailrc as well.

I must say getmail is so much flexible and rightly coded when the mailsync or imapsync didn’t do their job right or up to the mark. And is an excellent replacement for fetchmail. It supports POP, POP3S, IMAP4 and IMAPS, and also can store the mails retrieved in mbox or maildir format at the destination.

An extremely simple getmailrc file will look like this

[retriever]
type = SimpleIMAPRetriever
server = mail.domain.com
username = direct@domain.com
password = direct

[destination]
type = Maildir
path = /home/cpusername/mail/.direct@domain_com/

The file format should be pretty self-explanatory. You’re telling getmail to fetch your email from server, mail.domain.com by logging to it using the mentioned username and password. The destination section mentions where to store the retrieved email and in which format (Maildir or mbox or mboxrd). Make sure that the cur, new and tmp are there inside those folder though. However getmail may create those folders automatically though.

Finally to get this going, just run “getmail –rcfile getmailrc”

Once you run it, assuming that the getmailrc is properly configured, you will be welcomed by a below output.

getmail version 4.20.3
Copyright (C) 1998-2009 Charles Cazabon.  Licensed under the GNU GPL version 2.
SimpleIMAPRetriever:direct@domain.com@mail.domain.com:143:
 msg    1/3983 (299328 bytes) delivered
 msg    2/3983 (2815 bytes) delivered