glossary.md

File metadata and controls

1520 lines (1059 loc) · 35.4 KB

📕 Glossary

Defines all the specific terms and vocabulary used throughout

Participants should use this glossary to keep terminology consistent and to avoid the following:

  • referring to the same thing using different names
  • referring to different things using the same name (even worse)





/etc/



Host-specific System Configuration

Purpose

The /etc/ hierarchy contains configuration files. A "configuration file" is a local file used to control the operation of a program; it must be static and cannot be an executable binary.[^1]


To be clear, /etc/ may contain executable scripts, such as the command scripts commonly called by init to start and shut down the system and start daemon processes. "Executable binary" in this context refers to direct machine code or pseudocode not in a human-readable format, such as native ELF executables.


Requirements

No binaries may be located under /etc/.[^1]

The following directories, or symbolic links to directories, are required in /etc/:

| Directory | Description |
| --- | --- |
| opt | Configuration for /opt/ |

Specific Options

The following directories, or symbolic links to directories, must be in /etc/ if the corresponding subsystem is installed:

| Directory | Description |
| --- | --- |
| X11 | Configuration for the X Window system (optional) |
| sgml | Configuration for SGML (optional) |
| xml | Configuration for XML (optional) |

Systems that use the shadow password suite will have additional configuration files in /etc/ (/etc/shadow and others) and programs in /usr/sbin/ (useradd, usermod, and others).


The following files, or symbolic links to files, must be in /etc/ if the corresponding subsystem is installed:

| File | Description |
| --- | --- |
| csh.login | Systemwide initialization file for C shell logins (optional) |
| exports | NFS filesystem access control list (optional) |
| fstab | Static information about filesystems (optional) |
| ftpusers | FTP daemon user access control list (optional) |
| gateways | File which lists gateways for routed (optional) |
| gettydefs | Speed and terminal settings used by getty (optional) |
| group | User group file (optional) |
| host.conf | Resolver configuration file (optional) |
| hosts | Static information about host names (optional) |
| hosts.allow | Host access file for TCP wrappers (optional) |
| hosts.deny | Host access file for TCP wrappers (optional) |
| hosts.equiv | List of trusted hosts for rlogin, rsh, rcp (optional) |
| hosts.lpd | List of trusted hosts for lpd (optional) |
| inetd.conf | Configuration file for inetd (optional) |
| inittab | Configuration file for init (optional) |
| issue | Pre-login message and identification file (optional) |
| ld.so.conf | List of extra directories to search for shared libraries (optional) |
| motd | Post-login message of the day file (optional) |
| mtab | Dynamic information about filesystems (optional) |
| mtools.conf | Configuration file for mtools (optional) |
| networks | Static information about network names (optional) |
| passwd | The password file (optional) |
| printcap | The lpd printer capability database (optional) |
| profile | Systemwide initialization file for sh shell logins (optional) |
| protocols | IP protocol listing (optional) |
| resolv.conf | Resolver configuration file (optional) |
| rpc | RPC protocol listing (optional) |
| securetty | TTY access control for root login (optional) |
| services | Port names for network services (optional) |
| shells | Pathnames of valid login shells (optional) |
| syslog.conf | Configuration file for syslogd (optional) |

mtab does not fit the static nature of /etc/: it is excepted for historical reasons.[^1]


On some Linux systems, /etc/mtab may be a symbolic link to /proc/mounts, in which case this exception is not required.


/etc/fstab

A configuration file that contains entries identifying the storage device partitions Linux should mount at boot time.


/etc/mtab


A dynamic file that identifies the currently mounted partitions on the Linux system.


/etc/rsyslog.conf

The main configuration file for rsyslog. In it you specify the rules according to which rsyslogd handles messages: generally, you classify messages by their source and topic (facility) and by urgency (priority), and then assign an action that should be performed when a message fits these criteria.[^2]

In /etc/rsyslog.conf, you can also see the list of log files maintained by rsyslogd. Most log files are located in the /var/log/ directory. Some applications, such as httpd and samba, store their log files in a subdirectory within /var/log/.[^2]

Additional resources

  • The rsyslogd(8) and rsyslog.conf(5) man pages.
  • Documentation installed with the rsyslog-doc package in the /usr/share/doc/rsyslog/html/index.html file.[^2]



A


access control list (ACL)

A method of assigning granular user and group permissions to files and directories on a Linux system, distinct from and more advanced than the permissions governed by the chmod command; it involves setting an access control list (ACL) on each file and directory.

ACLs allow system administrators to define not just read, write, and execute permissions for multiple users or groups but also more advanced rules like set user ID on execution, set group ID on execution, and inherited permissions.

On the flip side, ACLs allow file owners to specify extended access information about a file, granting additional rights to users/groups other than those owning the file. This form of discretionary access control allows users to manage their own collaborative projects without intervention of system administrators to maintain groups, but also without granting rights to all users on the system via use of the "other" permission bits.[^3]

The setfacl command allows one to set these permissions, and the getfacl command allows one to view these permissions as they exist in real-time.

For example, an ACL could allow user Bob read/write access to file1.txt while denying access to file2.txt, allow the sysadmin group full access to a set of configuration files, and set the setuid bit on a program while removing access for other users.

ACLs are implemented as extended attributes in the Linux ext file systems and store the security rules in the metadata of the file or directory being protected rather than altering the standard Unix permission bits. This allows them to augment and extend the standard Unix file permissions model, and they are critical for implementing least privilege and defense in depth when securing sensitive Linux resources.

The next level of security involves setting context-based permissions à la SELinux (for Red Hat–based Linux distributions) and AppArmor (for Debian-based Linux distributions).
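A caveat the setfacl/getfacl entries above do not spell out is the ACL mask: named user entries, named group entries and the owning-group entry are all limited by the mask entry, so an entry that reads `user:bob:rw-` can still grant only `r--`. getfacl flags this with an `#effective:` comment, and it is a common source of "the ACL is set but access is still denied" tickets. The following is an added example, not code from the glossary or from the acl package: a small POSIX shell script that parses a constructed getfacl listing (the file, owner and entries are sample values) and computes the effective rights the way the kernel applies the mask.

```sh
#!/bin/sh
# Added example: compute effective ACL rights after applying the mask.
# The listing below is constructed sample getfacl output, not captured from a host.
SAMPLE_ACL='# file: project/report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rw-
group::r--
group:sysadmin:rwx
mask::r--
other::---'

# acl_field ACL_TEXT TAG -> prints the rwx string of the entry whose
# "tag:qualifier" part equals TAG (e.g. "user:bob", "user:", "mask:").
acl_field() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        perms=${line##*:}
        tag=${line%:*}
        [ "$tag" = "$2" ] && { printf '%s\n' "$perms"; break; }
    done
}

# and_perms A B -> bitwise AND of two rwx strings, e.g. "rw-" and "r--" give "r--".
and_perms() {
    out=''
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s' "$1" | cut -c"$i")
        b=$(printf '%s' "$2" | cut -c"$i")
        if [ "$a" = "$b" ] && [ "$a" != '-' ]; then out="$out$a"; else out="$out-"; fi
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# effective_perms ACL_TEXT TAG -> the rights actually granted to TAG.
# The owner (user:) and other: entries are never masked; named users,
# named groups and the owning group (group:) are ANDed with mask:.
effective_perms() {
    perms=$(acl_field "$1" "$2")
    [ -n "$perms" ] || return 1          # no such entry
    case $2 in
        user:|other:|mask:) printf '%s\n' "$perms" ;;
        *) and_perms "$perms" "$(acl_field "$1" mask:)" ;;
    esac
}

# masked_entries ACL_TEXT -> one "tag stated effective" line per entry whose
# rights are reduced by the mask (the entries getfacl marks with #effective:).
masked_entries() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case $line in user:?*:*|group:*) ;; *) continue ;; esac
        tag=${line%:*}; stated=${line##*:}
        eff=$(effective_perms "$1" "$tag")
        [ "$eff" != "$stated" ] && printf '%s %s %s\n' "$tag" "$stated" "$eff"
    done
}

masked_entries "$SAMPLE_ACL"
```

Run as written it lists `user:bob rw- r--` and `group:sysadmin rwx r--`, i.e. both named entries are silently cut down to read-only by `mask::r--`. The practical fix is `setfacl -m m::rw- file` (or letting setfacl recalculate the mask), not adding yet another entry.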


AppArmor

An application used by Debian-based distributions to implement context-based permissions for applications.




B



C


chgrp

A command-line command that allows the owner or system administrator to change the group assigned to a file or directory.


chmod

A command-line command that allows the system administrator to change the permissions assigned to a file or directory.


chown

A command-line command that allows the system administrator to change the owner of a file or directory.


Community Enterprise Operating System (CentOS)


A Linux distribution derived from the sources of Red Hat Enterprise Linux (RHEL).[^4]



D


doas

A command-line command that provides a way to run commands as another user. It aims to be a simplified and lightweight replacement for sudo. doas is easy to configure and use and suits most use cases.[^5] The doas tool was originally developed for OpenBSD as a simpler and safer sudo replacement and was released with OpenBSD 5.8 in October 2015, replacing sudo.[^6][^7]

For a smooth transition from sudo to doas, and to stay backward compatible, one may add the following to one's own shell environment.[^8]

```sh
alias sudo='doas'
alias sudoedit='doas rnano'
```

Docker image


An image is a read-only template with instructions for creating a Docker container. Often, an image is based on another image, with some additional customization. For example, you may build an image which is based on the ubuntu image, but installs the Apache web server and your application, as well as the configuration details needed to make your application run.[^9]



Docker image layer


The order of Dockerfile instructions matters. A Docker build consists of a series of ordered build instructions. Each instruction in a Dockerfile roughly translates to an image layer. The following diagram illustrates how a Dockerfile translates into a stack of layers in a container image.[^10]

[Figure: From Dockerfile to layers]


Docker images have intermediate layers that increase reusability, decrease disk usage, and speed up docker build by allowing each step to be cached. These intermediate layers are not shown by default.[^11]

Each RUN instruction will create a new layer in the resulting image. Therefore squashing consecutive RUN instructions will reduce the layer count (see https://docs.docker.com/develop/dev-best-practices/). In addition to that, each RUN instruction runs in its own shell, which can be the source of confusion when part of a RUN instruction changes something about the environment, because these changes may vanish in the next RUN instruction.[^12]
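The "each RUN runs in its own shell" behaviour can be reproduced without Docker, which makes the distinction easier to see: shell state (the working directory, exported variables) is lost between steps, while files written to the filesystem survive because they become part of the layer. The script below is an added example, not code from the glossary or from Docker; it stands in for the build with a scratch directory and a `run_step` helper (both assumptions of this example) that starts a fresh `sh -c` per step, the way the builder does.

```sh
#!/bin/sh
# Added example: simulate why a `cd` or `export` in one RUN instruction does
# not carry over into the next one, while file writes do.
WORK=$(mktemp -d)                 # stand-in for the image filesystem (assumption)
trap 'rm -rf "$WORK"' EXIT
mkdir -p "$WORK/app/build"

# run_step 'commands' -> executes one RUN-like step in a brand-new shell,
# starting from the simulated WORKDIR ($WORK/app), and prints its stdout.
run_step() {
    (cd "$WORK/app" && sh -c "$1")
}

# Step 1 changes directory and exports a variable.
step1=$(run_step 'cd build && export BUILD_FLAGS=-O2 && pwd')
# Step 2 is a new shell: it is back in WORKDIR and the variable is gone.
step2=$(run_step 'printf "%s|%s" "$(pwd)" "${BUILD_FLAGS:-unset}"')
# Step 3 writes a file; step 4 (another new shell) still sees it.
run_step 'printf hello > build/out.txt'
step4=$(run_step 'cat build/out.txt')
# The "squashed" form chains the commands inside one RUN, so one shell runs
# all of them and the cd/export are visible to the later commands.
squashed=$(run_step 'cd build && export BUILD_FLAGS=-O2 && printf "%s|%s" "$(pwd)" "$BUILD_FLAGS"')

# Predicates over the captured results, so the observations can be checked.
cd_did_not_carry_over()  { dir=${step2%%|*}; [ "${dir##*/}" = app ]; }
env_did_not_carry_over() { [ "${step2##*|}" = unset ]; }
file_write_persisted()   { [ "$step4" = hello ]; }
squashed_step_keeps_cd() {
    dir=${squashed%%|*}; flags=${squashed##*|}
    [ "${dir##*/}" = build ] && [ "$flags" = -O2 ]
}

echo "step 1 ended in:        $step1"
echo "step 2 sees (dir|flags): $step2"
echo "step 4 reads file:      $step4"
echo "squashed step sees:     $squashed"
```

The same reasoning is why a `RUN cd /src` followed by `RUN make` fails: use `WORKDIR` for the directory and `ENV` for variables that must outlive a step, and chain with `&&` only what genuinely belongs to one layer.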



E





F


facility


The type of event logged by syslog.


Fedora


The upstream source of the commercial Red Hat Enterprise Linux distribution.[^13]



G


getfacl

A command-line command that displays the advanced access control list (ACL) permission entries for a file or directory.


Group Identification Number (GID)

A number that is used by Linux to identify groups.




H


Hypervisor


Also known as a virtual machine monitor (VMM); software that creates and runs virtual machines (VMs). A hypervisor allows one host computer to support multiple guest VMs by virtually sharing its resources, such as memory and processing.[^14]

Type 1 Hypervisor

Also known as bare-metal or native hypervisor. It runs directly on the host's hardware and controls the hardware; manages and monitors guest operating systems, which run on a separate level above the hypervisor.
Type 2 Hypervisor

Also known as hosted hypervisor. It runs as a software layer on an operating system (the host OS), like other computer programs. Guest operating systems run on a third level above the hardware (within host OS).


[Figure: Type 1 and type 2 hypervisors]

Fig. | Depiction of hypervisors type one and two.





I


inheritance

The Linux system assigns the access control list (ACL) permissions assigned to a directory to all files contained within the directory.




J





K





L





M


mount

The mount command allows users to mount, i.e., attach additional child filesystems to a particular mount point on the currently accessible filesystem.


To temporarily mount a filesystem to the Linux virtual directory, use the mount command; the basic format for the mount command is:

```sh
$ mount -t fstype device mountpoint
```

Use the -t command-line option to specify the filesystem type of the device:

```sh
$ sudo mount -t ext4 /dev/sdb1 /media/usb1
```

If one runs the mount command with no parameters, it displays all devices currently mounted on the Linux system. Be prepared for a long output, though: most Linux distributions mount many virtual devices in the virtual directory to provide information about system resources. Listing 11.1 shows partial output from a mount command.



```console
$ mount
...
/dev/sda2 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
/dev/sda1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
...
/dev/sdb1 on /media/usb1 type ext4 (rw,relatime,data=ordered)
/dev/sdb2 on /media/usb2 type ext4 (rw,relatime,data=ordered)
rich@rich-TestBox2:~$
```

Listing 11.1 | Output from the mount command.



To save space, the output from the mount command was trimmed down to only show the physical devices on the system. The main hard drive device (/dev/sda) contains two partitions, and the USB memory stick device (/dev/sdb) also contains two partitions.

Note

The mount command uses the -o option to specify additional features of the filesystem, such as mounting it in read-only mode, user permissions assigned to the mount point, and how data is stored on the device. These options are shown in the output of the mount command. Usually, one may omit the -o option to use the system defaults for the new mountpoint.

The downside to the mount command is that it only temporarily mounts the device in the virtual directory. On rebooting the system, one must manually mount the devices again. This is usually fine for removable devices, such as USB memory sticks, but for more permanent devices it would be convenient if Linux mounted them automatically; fortunately, Linux can do just that.

To remove a mounted drive from the virtual directory, use the umount command (note the missing “n”). One may remove the mounted drive by specifying either i) the device filename or ii) the mountpoint directory.
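The options shown in parentheses in Listing 11.1 are also where a reviewer looks first when auditing a host: `ro`, `nosuid`, `nodev` and `noexec` are what keep a removable medium or a world-writable filesystem from becoming a place to run binaries or plant device nodes. The following added example (not from the glossary or from the book the listing is taken from) parses mount output in the Listing 11.1 format and reports which hardening options a mount point lacks. The sample output is constructed for the example; the /tmp line and the options on /media/usb2 are invented to give both a hardened and an unhardened case.

```sh
#!/bin/sh
# Added example: parse `mount` output ("device on mountpoint type fstype (options)")
# and check for the nosuid/nodev/noexec mount options. Constructed sample data.
MOUNT_OUTPUT='/dev/sda2 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
/dev/sda1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,relatime)
/dev/sdb1 on /media/usb1 type ext4 (rw,relatime,data=ordered)
/dev/sdb2 on /media/usb2 type ext4 (ro,nosuid,nodev,relatime,data=ordered)'

# mount_line MOUNTPOINT -> the line describing exactly MOUNTPOINT, if any.
mount_line() {
    printf '%s\n' "$MOUNT_OUTPUT" | while IFS= read -r line; do
        mp=${line#* on }; mp=${mp%% *}
        [ "$mp" = "$1" ] && { printf '%s\n' "$line"; break; }
    done
}

# mount_field MOUNTPOINT device|fstype|options -> that field of the mount.
mount_field() {
    line=$(mount_line "$1")
    [ -n "$line" ] || return 1              # not mounted
    case $2 in
        device)  printf '%s\n' "${line%% on *}" ;;
        fstype)  t=${line#* type }; printf '%s\n' "${t%% *}" ;;
        options) o=${line##*\(}; printf '%s\n' "${o%\)}" ;;
        *) return 2 ;;
    esac
}

# has_option MOUNTPOINT OPTION -> 0 if OPTION is in the mount's option list.
has_option() {
    case ",$(mount_field "$1" options)," in *",$2,"*) return 0 ;; esac
    return 1
}

# missing_hardening MOUNTPOINT -> comma-separated list of nosuid,nodev,noexec
# options the mount lacks; empty when all three are present.
missing_hardening() {
    missing=''
    for opt in nosuid nodev noexec; do
        has_option "$1" "$opt" || missing="${missing:+$missing,}$opt"
    done
    printf '%s\n' "$missing"
}

for mp in /tmp /media/usb1 /media/usb2; do
    printf '%-12s %s\n' "$mp" "missing: $(missing_hardening "$mp")"
done
```

On a real host the same functions work on `mount` output captured into `MOUNT_OUTPUT`; the options a mount should carry are then set permanently in the corresponding /etc/fstab entry rather than with `-o` on the command line.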



N





O


octal notation

The method of defining standard Unix file permissions of owner, group, and other using three octal numbers.


Oracle VM VirtualBox


A virtualization application that runs multiple Linux distributions at the same time, provided the hardware has enough resources.



P





Q





R


RSyslog

A faster syslog program for Linux.


The project claims the r stands for rocket fast. Speed is the focus of the rsyslog project, and the rsyslog application quickly became the standard logging package for many Linux distributions.

It offers high performance, great security features, and a modular design. While it started as a regular syslogd, rsyslog has evolved into a kind of Swiss army knife of logging, being able to:

  • accept inputs from a wide variety of sources
  • transform them
  • output the results to diverse destinations

Rsyslog has a strong enterprise focus but also scales down to small systems. It supports, among others, MySQL, PostgreSQL, failover log destinations, ElasticSearch, syslog/tcp transport, fine grain output format control, high precision timestamps, queued operations, and the ability to filter on any message part.[^15]


History of Rsyslog in Debian

Deprecation in Bookworm

“In Bookworm, since the persistent journal from Systemd's journald has been activated and most log messages would end up being written twice on disk, the rsyslog package has been demoted from the Important to the Optional priority, which means it is no longer installed by default in a base Debian system”

—🔗https://wiki.debian.org/Rsyslog


rsyslogd

The SysVinit method of logging events on a server and accepting log events from remote servers.


The rsyslogd daemon also provides extended filtering, encryption-protected relaying of messages, input and output modules, and support for transportation using the TCP and UDP protocols.[^2]

See entry for /etc/rsyslog.conf, which is the main configuration file for rsyslog.



S


security context

Used in context-based permissions applications such as SELinux to define a user, role, and type assigned to a file or directory.


Security-Enhanced Linux (SELinux)

An application commonly used on Red Hat-based Linux distributions to implement context-based permissions.


Set Group ID (SGID) bit

A bit set on a directory that forces all files created in the directory to have the same group assigned as the directory and not that of the user who creates the file.


Set User ID (SUID) bit

A bit set on a file that allows standard users the ability to run the file as the file owner.


setfacl

A command-line command to set the access control list (ACL) permissions for a file or directory.


severity


The importance of an event logged by syslog.


sticky bit

A bit set on a file that prevents users from deleting the file unless they are the file owner, even if the user is a member of the group that has write permissions to the file.
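The octal notation entry and the SUID, SGID and sticky bit entries describe the same mode word from two sides; the fourth (leading) octal digit carries the three special bits, and ls shows them by replacing the execute character with `s` or `t`. A capital `S` or `T` means the special bit is set without the matching execute bit, which is almost always a mistake worth flagging. The script below is an added example, not code from the glossary: it converts a 4-digit octal mode into the symbolic form, then verifies the conversion against a real file with chmod and ls in a scratch directory (`check_mode` and the scratch file are this example's own helpers).

```sh
#!/bin/sh
# Added example: octal mode -> symbolic permissions, including SUID/SGID/sticky,
# verified against chmod(1) and ls(1) on a temporary file.

# rwx_triplet DIGIT SPECIAL_CHAR IS_SET -> "rwx"-style string for one digit.
# SPECIAL_CHAR is s (user/group) or t (other); IS_SET is 1 when the matching
# special bit is on. Capital S/T appears when execute is missing.
rwx_triplet() {
    d=$1; special=$2; is_set=$3
    r='-'; w='-'; x='-'
    [ $((d & 4)) -ne 0 ] && r='r'
    [ $((d & 2)) -ne 0 ] && w='w'
    [ $((d & 1)) -ne 0 ] && x='x'
    if [ "$is_set" = 1 ]; then
        if [ "$x" = 'x' ]; then x=$special; else x=$(printf '%s' "$special" | tr 'st' 'ST'); fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# octal_to_symbolic MODE -> e.g. 4755 -> rwsr-xr-x, 2750 -> rwxr-s---, 1777 -> rwxrwxrwt
octal_to_symbolic() {
    mode=$1
    while [ ${#mode} -lt 4 ]; do mode="0$mode"; done   # pad 755 -> 0755
    sp=$(printf '%s' "$mode" | cut -c1)   # special bits: 4=SUID 2=SGID 1=sticky
    u=$(printf '%s' "$mode" | cut -c2)
    g=$(printf '%s' "$mode" | cut -c3)
    o=$(printf '%s' "$mode" | cut -c4)
    printf '%s%s%s\n' \
        "$(rwx_triplet "$u" s $(( (sp & 4) != 0 )))" \
        "$(rwx_triplet "$g" s $(( (sp & 2) != 0 )))" \
        "$(rwx_triplet "$o" t $(( (sp & 1) != 0 )))"
}

# ls_mode PATH -> the nine permission characters ls -l prints for PATH.
ls_mode() {
    ls -ld "$1" | cut -c2-10
}

# check_mode MODE -> 0 when chmod MODE on a scratch file makes ls show exactly
# what octal_to_symbolic predicts (the scratch file is this example's helper).
check_mode() {
    dir=$(mktemp -d); f="$dir/probe"; : > "$f"
    chmod "$1" "$f"
    shown=$(ls_mode "$f")
    rm -rf "$dir"
    [ "$shown" = "$(octal_to_symbolic "$1")" ]
}

for m in 4755 2750 1777 4644 0644; do
    printf '%s -> %s\n' "$m" "$(octal_to_symbolic "$m")"
done
```

The `4644` case prints `rwSr--r--`: a set-user-ID bit on a file nobody can execute. When reviewing a host, `find / -perm -4000 -type f` lists the SUID binaries and the symbolic column from this script tells you at a glance which ones are misconfigured.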


su

A command-line command that allows users to run applications as another user account on the system.


sudo

A command-line command that allows users to run commands with root privileges.


sudoedit

A command-line command that opens the specified file in an editor using the root account privileges.


Syslog


A de facto Unix and Linux protocol for storing event messages.

The syslog protocol has become the de facto standard for most Linux logging applications. It identifies events using a facility code, which defines the event type, and a severity, which defines how important the event message is. The sysklogd, syslog-ng, and rsyslogd applications all use the syslog protocol for managing system and application events in Linux.
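The facility/severity pair is what the selectors in /etc/rsyslog.conf (see that entry) match on, and the selector grammar has a few rules that are easy to get wrong: a bare priority selects that severity and everything more urgent, `=` selects exactly one severity, `!` excludes, `none` discards a facility, and in a `;`-joined selector list the later selectors override the earlier ones for the facilities they name (that is how `*.*;auth,authpriv.none` keeps authentication messages out of a catch-all file). The following is an added example serving both the /etc/rsyslog.conf entry and this one; it is not code from the glossary or from the rsyslog project. It implements those classic selector semantics in POSIX shell and evaluates a constructed rule set (the rules and log paths are sample values, not a real configuration) for a given message.

```sh
#!/bin/sh
# Added example: evaluate classic syslog "facility.priority" selectors the way
# syslogd/rsyslogd interpret them. Rule set below is constructed sample data.

# Severities from most to least urgent: emerg=0 ... debug=7.
SEVERITIES="emerg alert crit err warning notice info debug"

# sev_code NAME -> numeric severity (0-7); fails for an unknown name.
sev_code() {
    i=0
    for s in $SEVERITIES; do
        [ "$s" = "$1" ] && { echo "$i"; return 0; }
        i=$((i + 1))
    done
    return 1
}

# facility_in FACILITY FACLIST -> 0 if FACLIST is "*" or a comma list naming FACILITY.
facility_in() {
    fac=$1; list=$2
    [ "$list" = "*" ] && return 0
    oldifs=$IFS; IFS=,
    for f in $list; do
        if [ "$f" = "$fac" ]; then IFS=$oldifs; return 0; fi
    done
    IFS=$oldifs
    return 1
}

# priority_matches SEVERITY SPEC -> 0 if SPEC selects a message of SEVERITY.
# SPEC is one of: none, *, prio, =prio, !prio, !=prio.
priority_matches() {
    sev=$1; spec=$2
    [ "$spec" = "none" ] && return 1
    [ "$spec" = "*" ] && return 0
    negate=0; exact=0
    case $spec in
        '!='*) negate=1; exact=1; spec=${spec#!=} ;;
        '!'*)  negate=1; spec=${spec#!} ;;
        '='*)  exact=1;  spec=${spec#=} ;;
    esac
    msg=$(sev_code "$sev") || return 1
    want=$(sev_code "$spec") || return 1
    if [ "$exact" = 1 ]; then hit=$((msg == want)); else hit=$((msg <= want)); fi
    [ "$hit" -ne "$negate" ]          # "!" inverts the selection
}

# rule_matches FACILITY SEVERITY SELECTORS -> 0 if the ';'-joined selector
# field of one rule selects the message. Later selectors override earlier
# ones for the facilities they name.
rule_matches() {
    fac=$1; sev=$2; selectors=$3
    result=1
    set -f                            # selectors contain '*': no globbing
    oldifs=$IFS; IFS=';'
    set -- $selectors
    IFS=$oldifs; set +f
    for sel in "$@"; do
        if facility_in "$fac" "${sel%%.*}"; then
            if priority_matches "$sev" "${sel#*.}"; then result=0; else result=1; fi
        fi
    done
    return $result
}

# Constructed sample rules in rsyslog.conf "selector  action" form.
RSYSLOG_CONF='
# sample rules for this example, not a real /etc/rsyslog.conf
auth,authpriv.*          /var/log/auth.log
*.*;auth,authpriv.none   /var/log/syslog
kern.warning             /var/log/kern-warn.log
mail.=info               /var/log/mail-info.log
'

# actions_for FACILITY SEVERITY -> prints the action of every matching rule.
actions_for() {
    printf '%s\n' "$RSYSLOG_CONF" | while read -r selectors action; do
        case $selectors in ''|'#'*) continue ;; esac
        rule_matches "$1" "$2" "$selectors" && printf '%s\n' "$action"
    done
}

echo "auth/info   -> $(actions_for auth info | tr '\n' ' ')"
echo "kern/err    -> $(actions_for kern err | tr '\n' ' ')"
echo "mail/notice -> $(actions_for mail notice | tr '\n' ' ')"
```

Note that an `auth` message lands only in /var/log/auth.log, because the `auth,authpriv.none` selector at the end of the second rule overrides the `*.*` before it; reversing the two selectors would defeat the exclusion. rsyslog's own RainerScript (`if $syslogfacility-text == 'auth' then ...`) is a separate, richer syntax not covered here.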


sysklogd


The original Syslog application; includes two programs:

  1. syslogd: to monitor the system and applications for events
  2. klogd: to monitor the Linux kernel for events

syslog-ng


An application used to manage log messages and implement centralized logging, where the aim is to collect the log messages of several devices on a single, central log server. This program added advanced features, such as message filtering and the ability to send messages to remote hosts.

syslog-ng is available on a number of different Linux and Unix distributions. Some install it as the system default, or provide it as a package that replaces the previous standard syslogd. Several Linux distributions that used syslog-ng have replaced it with rsyslog.[^16]


Systemd

A system and session manager for Linux, compatible with System V and LSB init scripts.[^17] The main features are:

  • provides aggressive parallelization capabilities
  • uses socket and D-Bus activation for starting services
  • offers on-demand starting of daemons
  • keeps track of processes using Linux cgroups
  • supports snapshotting and restoring of the system state
  • maintains mount and automount points
  • implements an elaborate transactional dependency-based service control logic

systemd-journald

This is part of the Systemd application for system startup and initialization. Many Linux distributions are now using this for logging. It does not follow the syslog protocol, but uses a completely different way of reporting and storing system and application events.



T





U




Ubuntu


An open-source operating system based on the Debian Linux distribution.


Unix access mode

A particular form of access permitted to a file.[^18]


Unix file permissions

The base standard POSIX file access control mechanism that uses file permission bits for the file permission model and is found on almost all Linux and Unix-like systems nowadays.




V





W





X





Y


Yet another Setup Tool (YaST)


An operating system setup and configuration tool unique to openSUSE. It can be thought of as a command-center utility; allows the control of many system services from one interface.



Z





Footnotes

[^1]: https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s07.html

[^2]: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_configuring-a-remote-logging-solution_configuring-basic-system-settings#the-rsyslog-logging-service_assembly_configuring-a-remote-logging-solution

[^3]: http://www.watson.org/fbsd-hardening/posix1e/acl/

[^4]: https://www.redhat.com/en/topics/linux/what-is-centos

[^5]: https://why-openbsd.rocks/fact/doas/

[^6]: https://en.wikipedia.org/wiki/Doas

[^7]: https://wiki.gentoo.org/wiki/Doas

[^8]: https://wiki.archlinux.org/title/Doas

[^9]: https://docs.docker.com/get-started/overview/#images

[^10]: https://docs.docker.com/build/guide/layers/

[^11]: https://docs.docker.com/engine/reference/commandline/images/#description

[^12]: https://app.deepsource.com/directory/analyzers/docker/issues/DOK-W1001

[^13]: https://docs.fedoraproject.org/en-US/quick-docs/fedora-and-red-hat-enterprise-linux/#relationship-between-fedora-and-red-hat-enterprise-linux

[^14]: https://www.vmware.com/topics/glossary/content/hypervisor.html

[^15]: https://www.rsyslog.com/doc/master/index.html

[^16]: https://en.wikipedia.org/wiki/Syslog-ng#Distributions

[^17]: https://documentation.suse.com/sles/12-SP5/html/SLES-all/cha-systemd.html#sec-boot-systemd-whatissystemd

[^18]: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_03