Intro to Linux Shared Libraries (How to Create Shared Libraries)

A library is a file containing compiled code from various object files stuffed into a single file. It may contain a group of functions that are used in a particular context. For example, the ‘pthread’ library is used when thread related functions are to be used in the program.

Broadly, a library (or Program Library) can be of two types :

  1. Shared Library
  2. Static Library

In this article we will discuss Shared Libraries specifically.

Shared Libraries

Shared libraries are libraries that can be linked to any program at run time. They provide a means to use code that can be loaded anywhere in memory. Once loaded, the shared library code can be used by any number of programs. This keeps both the size of programs (using the shared library) and the memory footprint low, as a lot of code is kept common in the form of a shared library.

Shared libraries provide modularity to the development environment as the library code can be changed, modified and recompiled without having to re-compile the applications that use this library. For example, for any change in the pthread library code, no change is required in the programs using pthread shared library. A shared library can be accessed through different names :

  • Name used by linker (‘lib’ followed by the library name, followed by ‘.so’ . For example
  • Fully qualified name or soname ( ‘lib’ followed by the library name, followed by ‘.so’, followed by ‘.’ and a version number. For example :
  • Real name (‘lib’ followed by the library name, followed by ‘.so’, followed by ‘.’ and a version number, followed by a ‘.’ and a minor number, followed by a ‘.’ and a release number. Release number is optional. For example,

A version number is changed for a shared library when the changes done in the code make the shared library incompatible with the previous version. For example, if a function is completely removed then a new version of the library is required.

A minor number is changed in case there is a modification in the code that does not make the shared library incompatible with the previous version being used. For example, a small bug fix won’t break the compatibility of the existing shared library so only a minor number is changed while version remains the same.

Now, one may wonder why so many names for a shared library?

Well, these naming conventions help multiple versions of the same shared library to co-exist in a system. The programs linking with the shared library do not need to care about the latest version of the shared library installed in the system. Once the latest version of the shared library is installed successfully, all the programs automatically start linking to the latest version.

The name used by linker is usually a symbolic link to the fully qualified soname which in turn is a symbolic link to the real name.

Placement in File System

There are mainly three standard locations in the filesystem where a library can be placed.

  • /lib
  • /usr/lib
  • /usr/local/lib

We will go by the Filesystem Hierarchy Standard (FHS) here. According to the FHS, all the libraries which are loaded at start-up and running in the root filesystem are kept in /lib, while the libraries that are used by the system internally are stored in /usr/lib. These libraries are not meant to be directly used by users or shell scripts. There is a third location, /usr/local/lib (though it is not defined in the latest version of the FHS). If it exists, it contains all the libraries that are not part of the standard distribution. These non-standard libraries are the ones which you download and which could possibly be buggy.

Using ldconfig

Once a shared library is created, copy the shared library to the directory in which you want the library to reside (for example /usr/local/lib or /usr/lib). Now, run the ldconfig command in this directory.

What does ldconfig do?

Remember that we discussed earlier that the linker name for a shared library is a symbolic link to the fully qualified soname, which in turn is a symbolic link to the real name. Well, this command sets up exactly these links.

When you run an ELF executable, by default the loader is run first. The loader itself is a shared object file /lib/ where ‘X’ is a version number. This loader in turn finds and loads all the shared libraries on which our program depends.

All the directories that are searched by the loader in order to find the libraries are stored in /etc/ Searching all the directories specified in the /etc/ file can be time consuming, so every time the ldconfig command is run, it sets up the required symbolic links and then creates a cache in the file /etc/ where all the information required for the executable is written. Reading information from the cache takes much less time. The catch here is that the ldconfig command needs to be run every time a shared library is added or removed. So on start-up the program uses /etc/ to load the libraries it requires.

Using Non Standard Library Locations

When using non-standard library locations, one of the following three steps can be carried out:

  1. Add the path to the /etc/ file. This file contains paths to all the directories in which the loader searches for libraries. This file could sometimes contain a single line like:

     include /etc/*.conf

     In that case, just create a conf file in the same directory.

  2. You can directly add a directory to the cache by using the following command:

     ldconfig -n [non standard directory path containing shared library]

     Note that this is a temporary change and will be lost once the system is rebooted.

  3. Update the environment variable LD_LIBRARY_PATH to point to your directory containing the shared library. The loader will use the paths mentioned in this environment variable to resolve dependencies.

Note that on some Unix systems the name of the environment variable could differ.

Note: On a related topic, as we explained earlier, there are four main stages through which source code passes in order to finally become an executable.

Example (How to Create a Shared Library)

Let's take a simple practical example to see how we can create and use shared libraries. The following is the piece of code (shared.c) that we want to put in a shared library:

#include <stdio.h>
#include "shared.h"
/* Add two unsigned integers and announce the call. */
unsigned int add(unsigned int a, unsigned int b)
{
    printf("\n Inside add()\n");
    return (a+b);
}

shared.h looks like :

extern unsigned int add(unsigned int a, unsigned int b);

Let's first build shared.c as a shared library.

1. Run the following two commands to create a shared library :

gcc -c -Wall -Werror -fPIC shared.c
# the output is named libshared.so so that -lshared in step 3 can find it
gcc -shared -o libshared.so shared.o

The first command compiles the code shared.c into position independent code which is required for a shared library.
The second command actually creates a shared library with name ‘’.

2. Here is the code of the program that uses the shared library function ‘add()’

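#include <stdio.h>
#include "shared.h"

int main(void)
{
    unsigned int a = 1;
    unsigned int b = 2;
    unsigned int result = 0;

    result = add(a,b);   /* add() is resolved from the shared library at run time */

    printf("\n The result is [%u]\n",result);
    return 0;
}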

3. Next, run the following command :

gcc -L/home/himanshu/practice/ -Wall main.c -o main -lshared

This command compiles the main.c code, tells gcc to link the code with the shared library (by using the flag -l) and also tells it the location of the shared file (by using the flag -L).

4. Now, export the path where the newly created shared library is kept by using the following command :

export LD_LIBRARY_PATH=/home/himanshu/practice:$LD_LIBRARY_PATH

The above command exports the path to the environment variable ‘LD_LIBRARY_PATH’.

5. Now run the executable ‘main’ :

# ./main

Inside add()

The result is [3]

So we see that the shared library was loaded and the add function inside it was executed.

Linux Commands For Shared Library Management & Debugging Problem

If you are a developer, you will re-use code provided by others. Usually /lib, /lib64, /usr/local/lib, and other directories store various shared libraries. You can write your own program using these shared libraries. As a sys admin you need to manage and install these shared libraries. Use the following commands for shared library management, security, and debugging problems.

What is a Library In Linux or UNIX?

In Linux or UNIX-like operating systems, a library is nothing but a collection of resources such as subroutines / functions, classes, values or type specifications. There are two types of libraries:

  1. Static libraries – All lib*.a files are included into executables that use their functions. For example, you can run a sendmail binary in a chrooted jail using statically linked libs.
  2. Dynamic libraries or linking [ also known as DSO (dynamic shared object)] – All lib*.so* files are not copied into executables. The executable will automatically load the libraries using or

Linux Library Management Commands

  1. ldconfig : Updates the necessary links for the run time link bindings.
  2. ldd : Tells what libraries a given program needs to run.
  3. ltrace : A library call tracer.
  4. Dynamic linker/loader.

Important Files

As a sys admin you should be aware of important files related to shared libraries:

  1. /lib/* : Execution time linker/loader.
  2. /etc/ : File containing a list of colon, space, tab, newline, or comma separated directories in which to search for libraries.
  3. /etc/ : File containing an ordered list of libraries found in the directories specified in /etc/ This file is not in human readable format, and is not intended to be edited. This file is created by ldconfig command.
  4. lib*.so.version : Shared libraries stored in the /lib, /usr/lib, /usr/lib64, /lib64, /usr/local/lib directories.

#1: ldconfig command

You need to use the ldconfig command to create, update, and remove the necessary links and cache (for use by the run-time linker, to the most recent shared libraries found in the directories specified on the command line, in the file /etc/, and in the trusted directories (/usr/lib, /lib64 and /lib). The ldconfig command checks the header and file names of the libraries it encounters when determining which versions should have their links updated. This command also creates a file called /etc/ which is used to speed up linking.


In this example, you’ve installed a new set of shared libraries at /usr/local/lib/:
$ ls -l /usr/local/lib/
Sample outputs:

-rw-r--r-- 1 root root 878738 Jun 16  2010 libGeoIP.a
-rwxr-xr-x 1 root root    799 Jun 16  2010
lrwxrwxrwx 1 root root     17 Jun 16  2010 ->
lrwxrwxrwx 1 root root     17 Jun 16  2010 ->
-rwxr-xr-x 1 root root 322776 Jun 16  2010
-rw-r--r-- 1 root root  72172 Jun 16  2010 libGeoIPUpdate.a
-rwxr-xr-x 1 root root    872 Jun 16  2010
lrwxrwxrwx 1 root root     23 Jun 16  2010 ->
lrwxrwxrwx 1 root root     23 Jun 16  2010 ->
-rwxr-xr-x 1 root root  55003 Jun 16  2010

Now when you run an app related to, you will get an error about missing library. You need to run ldconfig command manually to link libraries by passing them as command line arguments with the -l switch:
# ldconfig -l /path/to/lib/
Another recommended option for sys admins is to create a file called /etc/ as follows:


Now just run ldconfig to update the cache:
# ldconfig
To verify new libs or to look for a linked library, enter:
# ldconfig -v
# ldconfig -v | grep -i geoip

Sample outputs: -> ->

Troubleshooting Chrooted Jails

You can print the current cache with the -p option:
# ldconfig -p
Putting a web server such as Apache / Nginx / Lighttpd in a chroot jail minimizes the damage done by a potential break-in by isolating the web server to a small section of the filesystem. It is also necessary to copy all files required by Apache inside the filesystem rooted at the /jail/ directory, including web server binaries, shared libraries, modules, configuration files, and php/perl/html web pages. You also need to copy the /etc/{,} files and the /etc/ directory to the /jail/etc/ directory. Use the ldconfig command to update, print and troubleshoot chrooted jail problems:

### chroot to jail bash
chroot /jail /bin/bash
###  now update the cache in /jail ###
ldconfig
###  print the cache in /jail ###
ldconfig -p
### copy missing libs ###
cp /path/to/some.lib /jail/path/to/some.lib
ldconfig -v | grep some.lib
### get out of jail ###
exit
### may be delete bash and ldconfig to increase security (NOTE path carefully) ###
cd /jail
rm sbin/ldconfig bin/bash
### now start nginx jail ###
chroot /jail /usr/local/nginx/sbin/nginx


A rootkit is a program (or combination of several programs) designed to take fundamental control of a computer system, without authorization by the system’s owners and legitimate managers. Usually, rootkits use the /lib, /lib64 and /usr/local/lib directories to hide themselves from real root users. You can use the ldconfig command to view the whole cache of shared libraries, including unwanted programs:
# /sbin/ldconfig -p | less
You can also use various tools to detect rootkits under Linux.

Common errors

You may see the errors as follows:

Dynamic linker error in foo
Can’t map cache file cache-file
Cache file cache-file foo

All of the above errors mean the linker cache file /etc/ is corrupt or does not exist. To fix these errors simply run the ldconfig command as follows:
# ldconfig

Can’t find library xyz Error

The executable required a dynamically linked library that or cannot find. It means a library called xyz needed by the program called foo is not installed or its path is not set. To fix this problem, install the xyz library and set its path in the /etc/ file or create a file in the /etc/ directory.

#2: ldd command

ldd (List Dynamic Dependencies) is a Unix and Linux program to display the shared libraries required by each program. This tool is required to build and run various server programs in a chroot jail. A typical example, listing the shared libraries of the Apache server, is as follows:
# ldd /usr/sbin/httpd
Sample outputs:

        => /lib64/ (0x00002aff52a0c000)
        => /lib64/ (0x00002aff52c8f000)
        => /lib64/ (0x00002aff52eab000)
        => /usr/lib64/ (0x00002aff530c4000)
        => /lib64/ (0x00002aff532de000)
        => /usr/lib64/ (0x00002aff53516000)
        => /usr/lib64/ (0x00002aff53751000)
        => /lib64/ (0x00002aff5395f000)
        => /lib64/ (0x00002aff53c55000)
        => /usr/lib64/ (0x00002aff53e78000)
        => /lib64/ (0x00002aff5409f000)
        => /lib64/ (0x00002aff542ba000)
        => /lib64/ (0x00002aff544bf000)
        => /lib64/ (0x00002aff54816000)
        /lib64/ (0x00002aff527ef000)
        => /lib64/ (0x00002aff54a5c000)
        => /lib64/ (0x00002aff54c61000)
        => /usr/lib64/ (0x00002aff54e76000)
        => /lib64/ (0x00002aff5508f000)
        => /lib64/ (0x00002aff552dc000)
        => /usr/lib64/ (0x00002aff5562d000)
        => /usr/lib64/ (0x00002aff5585c000)
        => /lib64/ (0x00002aff55af1000)
        => /usr/lib64/ (0x00002aff55cf3000)
        => /usr/lib64/ (0x00002aff55f19000)
        => /usr/lib64/ (0x00002aff5612d000)
        => /lib64/ (0x00002aff56335000)

Now, you can copy all those libs one by one to /jail directory

# mkdir /jail/lib
# cp  /lib64/ /jail/lib
# cp /lib64/ /jail/lib

You can write a bash script to automate the entire procedure:

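_cp="/bin/cp"   # path to cp; assumed here, its definition is not shown on this page
cp_support_shared_libs(){
        local d="$1"            # JAIL ROOT
        local pFILE="$2"        # copy bin file libs
        local files="" i dcc sldl sldlsubdir
        ## use ldd to get shared libs list (run ldd only on binaries you trust) ###
        ## keep resolved absolute paths only, so "not found" entries are skipped
        files="$(ldd "$pFILE" | awk '$3 ~ /^\// { print $3 }')"
        for i in $files
        do
          dcc="${i%/*}" # get dirname only
          [ ! -d "${d}${dcc}" ] && mkdir -p "${d}${dcc}"
          ${_cp} -f "$i" "${d}${dcc}"
        done
        # Works with 32 and 64 bit ld-linux
        sldl="$(ldd "$pFILE" | grep 'ld-linux' | awk '{ print $1}')"
        sldlsubdir="${sldl%/*}" # directory part of the loader path
        mkdir -p "${d}${sldlsubdir}"
        [ ! -f "${d}${sldl}" ] && ${_cp} -f "${sldl}" "${d}${sldlsubdir}"
}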

Call cp_support_shared_libs() as follows:

cp_support_shared_libs "/jail" "/usr/local/nginx/sbin/nginx"

Report Missing Functions

Type the following command:
$ ldd -d /path/to/executable

Report Missing Objects

Type the following command:
$ ldd -r /path/to/executable

Determine If Particular Feature Supported Or Not

TCP Wrapper is a host-based networking ACL system, used to filter network access to Internet. TCP Wrapper was originally written to monitor and stop cracking activities on UNIX / Linux systems. To determine whether a given executable daemon supports TCP Wrapper or not, run the following command:
$ ldd /usr/sbin/sshd | grep libwrap
Sample outputs:

        => /lib64/ (0x00002abd70cbc000)

The output indicates that the OpenSSH (sshd) daemon supports TCP Wrapper.

Other usage of ldd command

You can use the ldd command when an executable is failing because of a missing dependency. Once you found a missing dependency, you can install it or update the cache with the ldconfig command as mentioned above.

#3: ltrace command

The ltrace command simply runs the specified command until it exits. It intercepts and records the dynamic library calls which are called by the executed process and the signals which are received by that process. It can also intercept and print the system calls executed by the program. Its use is very similar to strace command.
# ltrace /usr/sbin/httpd
# ltrace /sbin/chroot /usr/sbin/httpd
# ltrace /bin/ls

Sample outputs:

__libc_start_main(0x804fae0, 1, 0xbfbd6544, 0x805bce0, 0x805bcd0 
strrchr("/bin/ls", '/')                                                                                                                            = "/ls"
setlocale(6, "")                                                                                                                                   = "en_IN.utf8"
bindtextdomain("coreutils", "/usr/share/locale")                                                                                                   = "/usr/share/locale"
textdomain("coreutils")                                                                                                                            = "coreutils"
__cxa_atexit(0x8052d10, 0, 0, 0xbfbd6544, 0xbfbd6498)                                                                                              = 0
isatty(1)                                                                                                                                          = 1
getenv("QUOTING_STYLE")                                                                                                                            = NULL
getenv("LS_BLOCK_SIZE")                                                                                                                            = NULL
getenv("BLOCK_SIZE")                                                                                                                               = NULL
getenv("BLOCKSIZE")                                                                                                                                = NULL
getenv("POSIXLY_CORRECT")                                                                                                                          = NULL
getenv("BLOCK_SIZE")                                                                                                                               = NULL
getenv("COLUMNS")                                                                                                                                  = NULL
ioctl(1, 21523, 0xbfbd6470)                                                                                                                        = 0
getenv("TABSIZE")                                                                                                                                  = NULL
getopt_long(1, 0xbfbd6544, "abcdfghiklmnopqrstuvw:xABCDFGHI:"..., 0x0805ea40, -1)                                                                  = -1
__errno_location()                                                                                                                                 = 0xb76b8694
malloc(40)                                                                                                                                         = 0x08c8e3e0
memcpy(0x08c8e3e0, "", 40)                                                                                                                         = 0x08c8e3e0
output truncated
free(0x08c8e498)                                                                                                                                   = 
free(NULL)                                                                                                                                         = 
free(0x08c8e480)                                                                                                                                   = 
__fpending(0xb78334e0, 0xbfbd6334, 0xb78876a3, 0xb78968f8, 0)                                                                                      = 0
fclose(0xb78334e0)                                                                                                                                 = 0
__fpending(0xb7833580, 0xbfbd6334, 0xb78876a3, 0xb78968f8, 0)                                                                                      = 0
fclose(0xb7833580)                                                                                                                                 = 0
+++ exited (status 0) +++

The ltrace command is a perfect debugging utility in Linux:

  1. To monitor the library calls used by a program and all the signals it receives.
  2. For tracking the execution of processes.
  3. It can also show system calls, used by a program.

ltrace Command Examples

Consider the following C program:

#include <stdio.h>
int main(){
	printf("Hello world\n");
	return 0;
}

Compile and run it as follows:
$ cc hello.c -o hello
$ ./hello

Now use the ltrace command to track the execution of the process:
$ ltrace -S -tt ./hello
Sample outputs:

15:20:38.561616 SYS_brk(NULL)                                                                                                                      = 0x08f42000
15:20:38.561845 SYS_access("/etc/", 00)                                                                                               = -2
15:20:38.562009 SYS_mmap2(0, 8192, 3, 34, -1)                                                                                                      = 0xb7708000
15:20:38.562155 SYS_access("/etc/", 04)                                                                                               = -2
15:20:38.562336 SYS_open("/etc/", 0, 00)                                                                                                = 3
15:20:38.562502 SYS_fstat64(3, 0xbfaafe20, 0xb7726ff4, 0xb772787c, 3)                                                                              = 0
15:20:38.562629 SYS_mmap2(0, 76469, 1, 2, 3)                                                                                                       = 0xb76f5000
15:20:38.562755 SYS_close(3)                                                                                                                       = 0
15:20:38.564204 SYS_access("/etc/", 00)                                                                                               = -2
15:20:38.564372 SYS_open("/lib/tls/i686/cmov/", 0, 00)                                                                                    = 3
15:20:38.564561 SYS_read(3, "\177ELF010101", 512)                                                                                            = 512
15:20:38.564694 SYS_fstat64(3, 0xbfaafe6c, 0xb7726ff4, 0xb7705796, 0x8048234)                                                                      = 0
15:20:38.564822 SYS_mmap2(0, 0x1599a8, 5, 2050, 3)                                                                                                 = 0xb759b000
15:20:38.565076 SYS_mprotect(0xb76ee000, 4096, 0)                                                                                                  = 0
15:20:38.565209 SYS_mmap2(0xb76ef000, 12288, 3, 2066, 3)                                                                                           = 0xb76ef000
15:20:38.565454 SYS_mmap2(0xb76f2000, 10664, 3, 50, -1)                                                                                            = 0xb76f2000
15:20:38.565604 SYS_close(3)                                                                                                                       = 0
15:20:38.565709 SYS_mmap2(0, 4096, 3, 34, -1)                                                                                                      = 0xb759a000
15:20:38.565842 SYS_set_thread_area(0xbfab030c, 0xb7726ff4, 0xb759a6c0, 1, 0)                                                                      = 0
15:20:38.566070 SYS_mprotect(0xb76ef000, 8192, 1)                                                                                                  = 0
15:20:38.566185 SYS_mprotect(0x08049000, 4096, 1)                                                                                                  = 0
15:20:38.566288 SYS_mprotect(0xb7726000, 4096, 1)                                                                                                  = 0
15:20:38.566381 SYS_munmap(0xb76f5000, 76469)                                                                                                      = 0
15:20:38.566522 __libc_start_main(0x80483e4, 1, 0xbfab04e4, 0x8048410, 0x8048400 
15:20:38.566667 puts("Hello world" 
15:20:38.566811 SYS_fstat64(1, 0xbfab0310, 0xb76f0ff4, 0xb76f14e0, 0x80484c0)                                                                      = 0
15:20:38.566936 SYS_mmap2(0, 4096, 3, 34, -1)                                                                                                      = 0xb7707000
15:20:38.567126 SYS_write(1, "Hello world\n", 12Hello world
)                                                                                                  = 12
15:20:38.567282 <... puts resumed> )                                                                                                               = 12
15:20:38.567348 SYS_exit_group(0 
15:20:38.567454 +++ exited (status 0) +++

You need to carefully monitor the order and arguments of selected functions such as open() [used to open and possibly create a file or device] or chown() [used to change ownership of a file] so that you can spot simple kinds of race conditions or security related problems. This is quite useful for evaluating the security of binary programs and finding out what kind of changes they make to the system.
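One way to automate the check described above, as an added example that is not part of the original article: the function scans ltrace-style output for a path that is first tested with access()/stat()/lstat() and later passed to open()/fopen()/chown()/chmod(), the check-then-use ordering behind simple file race conditions. The function names and the trace lines are constructed for illustration; it is a heuristic that only matches identical path strings.

```shell
#!/bin/sh
# Added example: flag check-then-use sequences in ltrace output.
# Function names and sample data are illustrative, not from the article.

# sample_trace: constructed lines in ltrace's "name(args) = result" format,
# with the timestamps that "ltrace -tt" adds and one "-S" style SYS_ line.
sample_trace() {
    cat <<'EOF'
15:20:38.100000 getenv("HOME")                       = "/root"
15:20:38.100100 access("/tmp/report.txt", 2)         = 0
15:20:38.100200 malloc(40)                           = 0x08c8e3e0
15:20:38.100300 open("/tmp/report.txt", 1, 0666)     = 3
15:20:38.100400 SYS_open("/etc/app.conf", 0, 00)     = 4
15:20:38.100500 chown("/tmp/report.txt", 0, 0)       = 0
EOF
}

# find_check_then_use [FILE...]
# Reads ltrace output (files or stdin) and prints one line per finding:
#   <path>: <check>() at line N, then <use>() at line M
find_check_then_use() {
    awk '
    # Return the first double-quoted argument of a call line (the path).
    function first_path(line,    s, e) {
        s = index(line, "\"")
        if (s == 0) return ""
        line = substr(line, s + 1)
        e = index(line, "\"")
        if (e == 0) return ""
        return substr(line, 1, e - 1)
    }
    {
        sub(/^[0-9:.]+ +/, "")      # drop an optional -tt timestamp
        sub(/^SYS_/, "")            # treat -S system call lines the same way
        name = $0
        sub(/\(.*/, "", name)       # function name = text before the first "("
        path = first_path($0)
        if (path == "") next
        if (name == "access" || name == "stat" || name == "lstat") {
            checked[path] = NR      # remember where the path was tested
            how[path] = name
        } else if ((name == "open" || name == "fopen" ||
                    name == "chown" || name == "chmod") && (path in checked)) {
            printf "%s: %s() at line %d, then %s() at line %d\n",
                   path, how[path], checked[path], name, NR
        }
    }' "$@"
}

# Demo on the constructed trace.
sample_trace | find_check_then_use
```

Against a real program, save the trace with `ltrace -o trace.log ./program` and pass trace.log to the function.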

ltrace: Debugging Memory & I/O Usage For HA Based Cluster Computers

The ltrace command can be used to trace memory usage of the malloc() and free() functions in a C program. You can calculate the amount of memory allocated as follows:
[node303 ~]$ ltrace -e malloc,free ./simulator arg1 arg2 arg3
ltrace will start the ./simulator program and trace the malloc() and free() functions. You can find out I/O problems as follows:
[node303 ~]$ ltrace -e fopen,fread,fwrite,fclose ./simulator arg1 arg2 arg3
You may need to change function names, as your programming language or UNIX platform may use different memory allocation functions.

#4: Command

The or / used as follows by Linux:

  1. To load the shared libraries needed by a program.
  2. To prepare the program to run, and then runs it.

List All Dependencies and How They Are Resolved

Type the following command:
# cd /lib
For 64 bit systems:
# cd /lib64
Pass the --list option, enter:
# ./ --list /path/to/executable

Other options

From the man page:

  --verify                   verify that given object really is a dynamically linked object we can handle
  --library-path PATH   use given PATH instead of content of the environment variable LD_LIBRARY_PATH
  --inhibit-rpath LIST    ignore RUNPATH and RPATH information in object names in LIST

Environment Variables

LD_LIBRARY_PATH can be used to set a library path for finding dynamic libraries, in the standard colon-separated format:
$ export LD_LIBRARY_PATH=/opt/simulator/lib:/usr/local/lib
LD_PRELOAD allows an extra library not specified in the executable to be loaded:
$ export LD_PRELOAD=/home/vivek/dirhard/
Please note that these variables are ignored when executing setuid/setgid programs.
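A check worth running before exporting LD_LIBRARY_PATH, as an added example that is not part of the original article: a command such as export LD_LIBRARY_PATH=/home/himanshu/practice:$LD_LIBRARY_PATH leaves a trailing colon when the variable was unset, and the loader treats a zero-length entry as the current working directory. The function names audit_lib_path and prepend_lib_dir are made up for illustration.

```shell
#!/bin/sh
# Added example: check a colon-separated library search path (the value you
# are about to put in LD_LIBRARY_PATH) for entries that let someone else
# decide which library gets loaded. Function names are illustrative.

# prepend_lib_dir DIR CURRENT
# Prints DIR alone when CURRENT is empty, otherwise DIR:CURRENT, so an unset
# variable never produces a trailing colon.
prepend_lib_dir() {
    printf '%s%s\n' "$1" "${2:+:$2}"
}

# audit_lib_path PATHLIST
# Prints one finding per line and nothing for a clean list.
audit_lib_path() {
    [ -n "$1" ] || return 0     # empty value: no extra directory is searched
    alp_rest="$1:"              # sentinel colon keeps a trailing empty entry
    while [ -n "$alp_rest" ]; do
        alp_entry=${alp_rest%%:*}
        alp_rest=${alp_rest#*:}
        if [ -z "$alp_entry" ]; then
            # "dir:", ":dir" or "a::b": zero-length entry = current directory
            echo "empty-entry (current directory)"
            continue
        fi
        case $alp_entry in
            /*) ;;
            *)  # resolved against wherever the program happens to be started
                echo "relative $alp_entry"
                continue ;;
        esac
        if [ ! -d "$alp_entry" ]; then
            # a directory that does not exist yet can be created by someone else
            echo "missing $alp_entry"
            continue
        fi
        # 9th character of the mode string is the "other" write bit;
        # -L follows a symlinked directory to its target.
        alp_mode=$(ls -ldL "$alp_entry" | cut -c1-10)
        case $alp_mode in
            ????????w?) echo "world-writable $alp_entry" ;;
        esac
    done
    return 0
}

# Constructed demo: the value the unguarded export produces when
# LD_LIBRARY_PATH was unset, followed by the guarded form.
audit_lib_path "/home/himanshu/practice:"
audit_lib_path "$(prepend_lib_dir /home/himanshu/practice "")"
```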

