Why open source software is not really free

Posted on By Mark Wilson

There’s a common misconception that open source software is free – as in doesn’t cost anything – and conversely that proprietary software is expensive.

I’d often wondered how this was aligned with the sale of packaged distributions of free software (it turns out I’m not the only one – a UK trading standards department were also confused by the sale of Firefox CDs – thanks to Slashdot via Slashdot Review for causing me to laugh out loud about that one…). Actually, it turns out that open source software is only free as in free speech – not as in free of charge. Sometimes it is free of charge too, but the two most common open source licensing models (GNU and BSD) do not prohibit the sale of “free software”.

GNU (a recursive name – GNU’s Not Unix) is a project, started by Richard Stallman in 1984 to create a free Unix clone, managed by the free software foundation (GNU/Linux is the kernel developed as a result of that project). GNU’s definition of free software says in part:

    • The freedom to run the program, for any purpose (freedom 0).
    • The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.
    • The freedom to redistribute copies so you can help your neighbor (freedom 2).
    • The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.

    2. “Free software is a matter of the users’ freedom to run, copy, distribute, study, change and improve the software. More precisely, it refers to four kinds of freedom, for the users of the software:A program is free software if users have all of these freedoms. Thus, you should be free to redistribute copies, either with or without modifications, either gratis or charging a fee for distribution, to anyone anywhere…

    …’free software’ does not mean ‘non-commercial’.”

The GNU general public license (GPL) encourages free software, but all enhancements and changes to GPL software must also be left as GPL. In effect, the software is free to enhance, but not necessarily free to purchase.

Where code is derived from the University of California at Berkeley BSD project, a separate licensing agreement applies. Many commercial software vendors prefer to use the BSD license, because it lets them wrap open source code up in a proprietary product. As Linux Format magazine paraphrased this month, “In a nutshell, the BSD licence says, ‘do what you like with the code – just don’t claim you wrote it'”. The BSD code would still be free, but the developers don’t have to release all of the source code for the entire product.

Whilst I’m writing about non-copyright licensing agreements, it’s worth mentioning creative commons. Not limited to software products, this is a licensing alternative to copyright for all creative works, building on the “all rights reserved” concept of traditional copyright to offer a voluntary “some rights reserved” approach.

I’m really interested in the rise of Linux as an alternative to Windows; however it’s not about stripping out software purchase costs. Purchasing a version of Linux with a predictable development cycle and a support entitlement (e.g. Red Hat Enterprise Linux or Novell/SUSE Linux Enterprise) can be just as (or even significantly more) expensive as a copy of Windows and management costs need to be considered too. For as long as the majority of IT organisations are geared up to provide almost exclusively Windows support, Linux support costs will be higher too.

A quick introduction to Linux for Windows administrators

Posted on By Mark Wilson

Linux penguinI’ve written previously about my various attempts to cross-train in Windows and Unix. Recently, I began running Sun Solaris 10 x86 on one of my machines, more recently I’ve installed SUSE Linux 10.0 and this week, I’m attending a training course to learn about Red Hat Enterprise Linux.

What follows might be useful for anyone thinking of making the switch (or just picking up some new skills). I should stress that I’m a Unix/Linux newbie (unless you count some Unix systems programming back at uni’ in the early 90s) so these notes are probably incomplete and I might come back and edit them later. I don’t intend this to be a guide for integrating Linux and Windows either – more of a quick conversion for Windows administrators starting to work with Linux. Also, whilst these notes are based on Red Hat Enterprise Linux 4, they should hold true for most recent Linux distributions (I’ve tested them on SUSE Linux 10.0) and they shouldn’t be too alien for other Unix variants (although the commands may be a little different).

Whatever the Linux distribution, the kernel is controlled by kernel.org. This is the part of the operating system based on the original work by Linus Torvalds. The differences between Linux variants come at the next level with the various utilities added as part of individual distributions, including the graphical environments (e.g. GNOME and KDE).

Some vendors (e.g. Red Hat and Novell) have split their products into a free-to-download version with frequent upgrades and rapid adoption of new technology (e.g. Fedora, SUSE) and a more stable version with predictable release cycles and a subscription-based licensing model including support (e.g. Red Hat Enterprise Linux, SUSE Enterprise Linux), aimed at corporates who need to maintain standards. Some distributions also include utilities for keeping the system up-to-date (although these may also require an appropriate entitlement).

Installation of a Linux system is generally straightforward. The major distributions make life easy with bootable CDs and DVDs and comprehensive setup/installation routines (e.g. YaST). Having said that, if problems are encountered, they are not always easy to resolve (it took me considerable time to resolve a recent issue with installing SUSE 10.0 on an IBM ThinkPad).

Once installed, Linux can be used in either command line interface (CLI) or graphical user interface (GUI) mode. Unlike modern Windows operating systems, the Linux GUI is separate from the operating system itself and it is possible to run several CLI and GUI sessions (called virtual consoles) simultaneously. By default Ctrl-Alt-F1 to Ctrl-Alt-F6 are CLI user virtual consoles, whilst Ctrl-Alt-F7 will run a GUI interface. Multiple GUI sessions can be started using the startx command.

The Linux root user is analogous to the Windows administrator but (largely because Linux expects users logged in as root to know what they are doing) Linux doesn’t tend to issue “are you sure?” prompts and so it is far easier to perform something destructive by mistake when logged in as root. Although it’s also good practice to run as an unprivileged user in Windows, this should definitely be the norm in Windows. Many GUI applications (and some CLI ones) allow for escalation of privileges (in a similar manner to the user access protection feature in Windows Vista).

As for Windows (with command, cmd, wsh and soon msh), Linux has a variety of shells/command interpreters available for use. Linux distributions use the Bourne-again shell (bash) by default but may also ship with other shells including the original Bourne shell (sh), C shell (csh) and Korn shell (ksh).

Linux uses the X Window system for GUI operation; however X Window doesn’t dictate the look and feel – it is simply an application that provides the ability to draw on the screen. X Window is a client/server application, with the X server handling the monitor, keyboard and mouse and various X clients interacting with the X server. Examples of these X clients include the display manager (handling logins), the window manager that controls the look and feel (e.g. Metacity, KWin), the desktop environment (e.g. GNOME, KDE) and a variety of other x client applications (file browsers, web browsers, terminals, etc.). The two main X Window systems are XOrg and XFree86.

Linux has a system of runlevels, similar to the Windows concepts of recovery console, the various safe modes, and normal operation. For Linux, the runlevels are:

  • 0 – shut down.
  • 1 – systems maintenance (single user mode).
  • 2 – multi-user (no file sharing).
  • 3 – multi-user with file sharing (effectively a running system without a GUI).
  • 4 – not implemented.
  • 5 – (default) fully running.
  • 6 – reboot.

The init runlevel command is used to switch between runlevels but beware that some Unix versions will use different runlevels (e.g. init 5 will power off a Solaris system).

Whereas Windows systems store configuration information in a plethora of locations (registry, file system, Active Directory, etc.), Linux generally uses a series of text files; however, just like in Windows, these may be spread all over the file system. This is probably the most confusing element for an administrator converting from Windows and the following is a list of likely locations from the file system hierarchy in which to find information:

  • Home directories (/root, /home/username).
  • Binaries (essential in /bin, non-essential in /usr/bin, third-party in /usr/local/bin).
  • System binaries (essential in /sbin, non-essential in /usr/sbin, third-party in /usr/local/sbin).
  • Foreign file system mountpoints (/media, /mnt).
  • System configuration (/etc).
  • Temporary files (/tmp).
  • Kernel and bootloader (/boot).
  • Server data such as logs and spool files (/var, /srv).
  • System information (/proc, /sys).
  • Libraries (essential in /lib, non-essential in /usr/lib, third-party in /usr/local/lib).

Everything in Linux is represented as a file – even hardware (files within the /dev and /proc directories – note that files in /proc are memory-based, rather than disk-based). Hard disks use a naming convention with hd representing an IDE hard disk and sd representing a SCSI hard disk. This is followed with a letter to distinguish the first disk as a, second disk as b, etc. Finally, partition numbers are indicated with a numeric suffix, so /dev/hda1 is the first partition on the first IDE disk. The partition table can be listed with fdisk -l.

Although Linux does support directory services and other authentication mechanisms using pluggable authentication modules (PAMs), some local users and groups will inevitably be required. Users may be created using the useradd command and groups with groupadd. Each Linux user has a numeric user identifier (UID) – root is always 0. Users are associated with one or more groups (a primary group and optional secondary groups), each of which is identified by its group identifier – the GID. User information, including name, UID, default GID, home directory and shell, is stored in the /etc/passwd file. Group information is stored in /etc/group. Even though the passwd command is used to change a password, passwords are not actually stored in /etc/passwd – instead they are stored as a password hash in /etc/shadow, along with details of when the password was last changed and the account expiration policy. System-wide account expiration policies can be defined in /etc/login.defs.

Unlike in Windows, Linux filenames are case sensitive. Linux, in common with other Unix variants, uses a discretionary access control permissions model with the concept of owner, group and others, controlled using the chmod command. Each of these can be marked with read, write or execute flags, as well as special flags (set user ID, set group ID and sticky) and another flag which indicates if a file is a directory.

For regular files, read means examine the file contents, write means modify the file contents and execute means run the file as a command. For directories, read means list directory contents, write means add or remove files and execute means change directory into the directory and view its properties.

When talking about file permissions, they are often expressed as a 3 (or sometimes 4) digit number. If these numbers make no sense, think of each set of permissions (special, owner, group and others) in binary:

Linux file permissions

4+2=6, so 0666 (usually written as 666) is -rw-rw-rw-. Similarly 4+2+1=7 so 0777 (777) is -rwxrwxrwx. More commonly, 0644 is -rw-r–r–.

Standard Linux file permissions are 0666 (-rw-rw-rw-) for files and 0777 (drwxrwxrwx) for directories although these are masked with a umask such as 0022 to remove the unnecessarily high permissions for group and others (0022 would make 0666 become 0644 and 0777 become 0755).

In common with other systems that use Kerberos authentication (including domain-joined Windows PCs), time synchronisation is critical to Linux systems. It’s not so important that the correct time is used, so much as that all the systems agree on a common time, but in any case the date can be set using the date command and Linux systems also have support for the network time protocol (NTP).

Linux uses TCP/IP as its networking protocol suite. Network devices are named by type and a numeric instance number. Ethernet is eth (eth0, eth1, etc.), token-ring is tr, fibre channel is fddi, dial-up and ADSL are ppp and localhost or loopback (127.0.0.1) is lo. In some circumstances, more than one connection may run using the same piece of hardware, for example Ethernet (eth0) is used for an ADSL connection, but ppp0 will be the connection tunnelled through the Ethernet link. Virtual network devices can also be created, e.g. eth0:1. It’s worth noting that changes to interface configurations will not become effective until an interface is deactivated and activated again. This can be performed from the command line using ifdown interfacename and ifup interfacename.

Linux printing is usually achieved using the common Unix printing system (CUPS); however, just as in Windows there is support for local and networked printers, with a variety of drivers, Printing is one area which is often easiest to configure using the GUI.

Recent versions of Linux include a kernel feature known as secure Linux (SELinux), which replaces the traditional discretionary access control model described earlier, with policy-based mandatory access controls which enforce security within a defined context. As SELinux is relatively new feature, many applications and services are not aware of it and whilst disabling SELinux is discouraged, it can be set not to enforce policy (although violations will still be logged to /var/log/messages). Another security feature that should not be alien in principle to Windows administrators is the built-in packet filtering firewall, administered using the iptables command.

So that’s it – a quick introduction to Linux for Windows administrators. To find out more, I recommend installing one of the free distributions and giving it a go for yourself. For help, try one of the following:

  • whatis commandname.
  • commandname --help.
  • man commandname (manual pages for many commands).
  • info commandname (texinfo pages for some commands).
  • Files in /usr/share/doc/packagename.
  • Website for the Linux distribution in use (e.g. Fedora, Debian, etc.).
  • The Linux documentation project.

If all else, fails, there’s a whole load of information that can be found by searching Google.