LINUX Complete
On a Linux system, everything is a file; if something is not a file, it is a process. Most files are regular files; they contain normal data, for example text files, executable files or programs, and input or output from a program. Linux stores data and programs in files, and these files are organized in directories. A directory is just a file that contains other files or directories.
In the Windows operating system we have the C:\ drive, and there are many directories under C:\ such as Documents and Settings, Program Files, etc. In Linux, we can think of / (the root directory) as the C: drive in Windows. All file system directories and mount points in Linux are under the / directory. There are many directories full of child directories and files. Some directory names, such as bin, sbin, and lib, can be found inside several other directories too. The following table describes many of the most common Linux directories. The file system and directory structure in one Linux distribution may differ from other Linux distributions.
All files on a Linux system are stored on file systems which are organized into a single inverted tree of directories, known as the file system hierarchy. In the inverted tree, the root lies at the top and the branches of directories and sub-directories stretch below it.
To locate a file or folder by name we can use an absolute path or a relative path.
Path:
A path is the unique location of a file or folder in the file system of an OS. A path to a file is a combination of / and alphanumeric characters.
Absolute Path:
An absolute path specifies the location of a file or directory starting from the root directory (/). It is a complete path from the start of the actual file system, the / directory.
Relative Path:
A relative path identifies a unique file by specifying only the path necessary to reach it from the working directory. A path name with anything other than a forward slash (/) as its first character is a relative path name, for example a folder named doc on root's desktop: #cd doc
Navigating Paths:
Many tasks rely on being able to get to, or reference, the correct location in the system, and a lot of commands on the terminal rely on you being in the right location as you move around. The first navigation command is pwd, which stands for Print Working Directory; it simply tells you what your current (present) working directory is. To move around in the system, we use the command cd, which stands for change directory.
[cms@asim Desktop]$ cd ..
[cms@asim ~]$ ls
Desktop Documents Downloads Music Pictures Public Templates Videos
[cms@asim ~]$ ll
total 0
drwxr-xr-x. 2 cms cms 18 Jun 19 12:10 Desktop
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Documents
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Downloads
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Music
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Pictures
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Public
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Templates
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Videos
[cms@asim ~]$ ls -r
Videos Templates Public Pictures Music Downloads Documents Desktop
[cms@asim ~]$ ls -t
Desktop Documents Downloads Music Pictures Public Templates Videos
[cms@asim ~]$ ls -l
total 0
drwxr-xr-x. 2 cms cms 18 Jun 19 12:10 Desktop
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Documents
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Downloads
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Music
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Pictures
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Public
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Templates
drwxr-xr-x. 2 cms cms  6 Jun 12 17:33 Videos
[cms@asim ~]$ ls -h
Desktop Documents Downloads Music Pictures Public Templates Videos
[cms@asim Desktop]$ mkdir {1,2,3,4}
[cms@asim Desktop]$ mkdir dir2 dir3 dir4
[cms@asim Desktop]$ comm f1 f2
hi my name is asim
	Today i will teach you chp no 2
ldapuser1:x:1001:1001::/home/ldapuser1:/bin/bash
ldapuser2:x:1002:1002::/home/ldapuser2:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
#cat -n filename – Number the lines of a file, which also shows how many lines it contains.
[cms@asim Desktop]$ diff f1 f2
1c1
< hi my name is asim
---
> Today i will teach you chp no 2
Often we need to perform a single operation on many filesystem objects. For example, if we needed to create multiple directories all beginning with the name “Doc” followed by a number, we could issue the command: mkdir Doc1 Doc2 Doc3 Doc4. This would be quite time consuming if there were a lot to create. However, we can save a lot of time by issuing the command: mkdir Doc{01..10}. A basic appreciation of wildcards, pattern matching and expansion techniques can rescue us.
Wildcard or Globbing:
[cms@asim Desktop]$ ls *f
ff
[cms@asim Desktop]$ ls ???*
file9 pass

1..10:

dir1:
f1 touch2

dir2:

dir3:

dir4:
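The following script is an added example, not part of the original notes, tying together the path, brace-expansion and globbing points above. It creates Doc01 to Doc10 in a throw-away directory with one brace expansion and then counts how many entries each wildcard pattern matches. The function names (path_kind, make_docs, count_glob) and the temporary directory are my own choices; brace expansion is a bash feature, so the script re-runs itself under bash if it was started with plain sh.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): absolute vs. relative paths,
# brace expansion and globbing, demonstrated in a throw-away directory.
# Brace expansion is a bash feature, so re-run under bash if started by plain sh.
if [ -z "$BASH_VERSION" ]; then exec bash "$0" "$@"; fi

# path_kind PATH: "absolute" if the path starts with /, otherwise "relative".
path_kind() {
    case $1 in
        /*) echo absolute ;;
        *)  echo relative ;;
    esac
}

# make_docs DIR: create DIR/Doc01 .. DIR/Doc10 with a single brace expansion.
# The shell expands Doc{01..10} into ten words before mkdir ever runs.
make_docs() {
    mkdir -p "$1"/Doc{01..10}
}

# count_glob DIR PATTERN: number of entries in DIR matching the glob PATTERN.
# Runs in a subshell so the cd does not affect the caller.
count_glob() (
    cd "$1" || return 1
    n=0
    for entry in $2; do          # unquoted on purpose: the shell expands the glob here
        if [ -e "$entry" ]; then  # an unmatched pattern stays literal and is skipped
            n=$((n + 1))
        fi
    done
    echo "$n"
)

demo=$(mktemp -d)
make_docs "$demo"
echo "$(path_kind /etc/passwd) $(path_kind Desktop/f1)"   # absolute relative
echo "Doc0?  -> $(count_glob "$demo" 'Doc0?')"            # 9  (Doc01..Doc09)
echo "Doc*   -> $(count_glob "$demo" 'Doc*')"             # 10
echo "?????  -> $(count_glob "$demo" '?????')"            # 10 (every name is 5 characters)
echo "*.txt  -> $(count_glob "$demo" '*.txt')"            # 0  (no match)
rm -rf "$demo"
```

Note that a glob is expanded by the shell, not by ls or mkdir: the command only ever sees the resulting list of names, which is why an unmatched pattern is passed through literally.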
Command Line:
A command line, CLI, command line interface, or terminal is a text-based interface to the system. You enter commands by typing them on the keyboard, and feedback is given back by the command line or terminal. The command line typically presents a prompt; as you type, your input is displayed after the prompt. Most of the time you will be issuing commands. In short, a command line is a text-based interface which can be used to input instructions to a computer system.
Shell:
A shell is a user interface to a computer system that relies on keyboard input. A shell is a command language interpreter that executes commands read from the standard input (keyboard) or from a file. The shell is not part of the system kernel, but it uses the system kernel to execute programs, create files, etc. The default Linux command line interface or terminal is the Bourne Again SHell, or Bash shell. Bash is a command interpreter. The Bash shell is similar in concept to the command line interpreter found in Microsoft Windows (CMD).
Type the command #echo $0 or #echo $SHELL in the terminal to see which shell you are using.
Command:
A command is an instruction given by a user telling a computer to do something; the command is the name of the program to run. Commands are generally issued by typing them in at the command line and then pressing the ENTER key, which passes them to the shell. A command consists of three parts: the command name, options, and arguments.
Example: command-name optionA optionB argument1 argument2, i.e. command [options] [arguments].
Between the command name, options and arguments, a space is necessary. Options always start with “-” or “--”.
Example: ls -l /etc, where ls is the command name, -l is an option and /etc is an argument.
Kernel:
The kernel is the software that serves as a layer between the hardware and the main programs that run on a computer. It is the first part to load when the OS boots up. It is loaded into memory and stays there throughout the entire time the computer is in session. The Linux kernel allows communication between the hardware (via drivers included in the kernel or added as kernel modules) and the software. It is also responsible for the efficient management of the system's resources, such as memory management, process and task management, and disk management.
GNOME:
GNOME stands for GNU Network Object Model Environment. GNOME is a full point-and-click environment: colors, little pictures, the works. GNOME is a desktop environment and graphical user interface that runs on top of a computer operating system. It is composed entirely of free and open source software. It is an international project that includes creating software development frameworks, selecting application software for the desktop, and working on the programs that manage application launching, file handling, and window and task management. GNOME can be used with various Unix-like operating systems.
KDE:
KDE stands for K Desktop Environment. KDE is a desktop working platform with a graphical user interface (GUI) released in the form of an open-source package. It is a desktop environment for Linux-based operating systems, a GUI for the Linux OS. KDE has helped Linux users make their systems as easy to use as Windows. KDE provides Linux users a graphical interface to choose their own customized desktop environment.
When a regular user starts a shell, the default prompt ends with a $ character.
E.g. [student@desktop ~]$
When a superuser starts a shell, the default prompt ends with a # character. This makes it more obvious that it is a superuser shell, which helps to avoid accidents and mistakes in the privileged account. The superuser is also called root.
E.g. [root@desktop ~]#
Ctrl + Left Arrow – Jump to the beginning of the previous word on the command line.
; – Separate commands on the same line.
Ctrl + k – Clear from the cursor to the end of the command line.
!string – Re-execute a recent command by matching the command name.
Tab – Shortcut used to complete commands, file names, and options.
!number – Re-execute a specific command in the history list.
Ctrl + a – Jump to the beginning of the command line.
history – Display the list of previous commands.
Esc+. – Copy the last argument of previous commands.
Basic Commands
[cms-lab1@localhost ~]$ whoami
cms-lab1
[root@localhost ~]# whoami
root
date – The date command is used to display the current date and time.
[cms-lab1@localhost ~]$ date
Sat Jun 8 10:36:41 IST 2019
[cms-lab1@localhost ~]$ date +%R
10:37
[cms-lab1@localhost ~]$ date +%r
10:37:35 AM
[cms-lab1@localhost ~]$ date +%x
06/08/2019
[cms-lab1@localhost ~]$ date +%X
10:38:04 AM
[root@localhost ~]# cal
     June 2019
Su Mo Tu We Th Fr Sa
                   1
 2  3  4  5  6  7  8
 9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30
[cms-lab1@localhost ~]$ su root
Password:
[root@localhost cms-lab1]#
or
[cms-lab1@localhost ~]$ su -
Password:
Last login: Sat Jun 8 10:49:59 IST 2019 on pts/0
[root@localhost ~]# su cms-lab1
[cms-lab1@localhost root]$ cd ~
[cms-lab1@localhost ~]$
Note: We used the “cd ~” command to move from root's directory into the normal user's home directory.
[cms-lab1@localhost ~]$ passwd
Changing password for user student.
Changing password for student.
(current) UNIX password: old_password
New password: new_password
Retype new password: new_password
passwd: all authentication tokens updated successfully.
file – Linux does not require file name extensions to classify files by type. The file command scans the beginning of a file's contents and displays what type it is. The files to be classified are passed as arguments to the command.
[cms-lab1@localhost ~]$ file /etc/passwd
/etc/passwd: ASCII text
[cms-lab1@localhost ~]$ file /bin/passwd
/bin/passwd: setuid ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=0a16a7915f7f9b01d96442755257e22067ce5b2c, stripped
[cms-lab1@localhost ~]$ file /home
/home: directory
ls for Listing Files – If you want to see the list of files on your Linux system, use the ‘ls’ command.
[cms-lab1@localhost ~]$ ls
Desktop Documents Downloads Music Pictures Public Templates Videos
[cms-lab1@localhost ~]$ ls -l
total 0
drwxr-xr-x. 2 cms-lab1 cms-lab1 6 Jun 1 12:26 Desktop
drwxr-xr-x. 2 cms-lab1 cms-lab1 6 Jun 1 12:26 Documents
drwxr-xr-x. 2 cms-lab1 cms-lab1 6 Jun 1 12:26 Downloads
drwxr-xr-x. 2 cms-lab1 cms-lab1 6 Jun 1 12:26 Music
drwxr-xr-x. 2 cms-lab1 cms-lab1 6 Jun 1 12:26 Pictures
drwxr-xr-x. 2 cms-lab1 cms-lab1 6 Jun 1 12:26 Public
drwxr-xr-x. 2 cms-lab1 cms-lab1 6 Jun 1 12:26 Templates
drwxr-xr-x. 2 cms-lab1 cms-lab1 6 Jun 1 12:26 Videos
If you want to see hidden files on your Linux system, use the ‘ls -a’ command.
[cms-lab1@localhost ~]$ ls -a
.              .bash_profile  Desktop        .ICEauthority  Pictures
..             .bashrc        Documents      .local         Public
.bash_history  .cache         Downloads      .mozilla       Templates
.bash_logout   .config        .esd_auth      Music          Videos
You can use ‘ls -R’ to show all the files not only in the directory but also in its subdirectories.
[cms-lab1@localhost ~]$ ls -R
.:
Desktop Documents Downloads Music Pictures Public Templates Videos

./Desktop:

./Documents:

./Downloads:

./Music:

./Pictures:

./Public:

./Templates:

./Videos:
‘ls -al’ gives detailed information about all files, including hidden ones. The command provides the information in a columnar format.
[cms-lab1@localhost ~]$ ls -al
total 36
drwx------. 14 cms-lab1 cms-lab1 4096 Jun 8 10:50 .
drwxr-xr-x.  3 root     root       21 Jun 1 18:50 ..
-rw-------.  1 cms-lab1 cms-lab1    5 Jun 1 12:31 .bash_history
-rw-r--r--.  1 cms-lab1 cms-lab1   18 Jul 8  2015 .bash_logout
-rw-r--r--.  1 cms-lab1 cms-lab1  193 Jul 8  2015 .bash_profile
-rw-r--r--.  1 cms-lab1 cms-lab1  231 Jul 8  2015 .bashrc
drwx------. 10 cms-lab1 cms-lab1 4096 Jun 1 12:27 .cache
drwxr-xr-x. 15 cms-lab1 cms-lab1 4096 Jun 1 12:27 .config
drwxr-xr-x.  2 cms-lab1 cms-lab1    6 Jun 1 12:26 Desktop
drwxr-xr-x.  2 cms-lab1 cms-lab1    6 Jun 1 12:26 Documents
drwxr-xr-x.  2 cms-lab1 cms-lab1    6 Jun 1 12:26 Downloads
-rw-------.  1 cms-lab1 cms-lab1   16 Jun 1 12:26 .esd_auth
-rw-------.  1 cms-lab1 cms-lab1  628 Jun 8 10:36 .ICEauthority
drwx------.  3 cms-lab1 cms-lab1   18 Jun 1 12:26 .local
drwxr-xr-x.  4 cms-lab1 cms-lab1   37 Jun 1 18:21 .mozilla
drwxr-xr-x.  2 cms-lab1 cms-lab1    6 Jun 1 12:26 Music
drwxr-xr-x.  2 cms-lab1 cms-lab1    6 Jun 1 12:26 Pictures
drwxr-xr-x.  2 cms-lab1 cms-lab1    6 Jun 1 12:26 Public
drwxr-xr-x.  2 cms-lab1 cms-lab1    6 Jun 1 12:26 Templates
drwxr-xr-x.  2 cms-lab1 cms-lab1    6 Jun 1 12:26 Videos
head and tail – The head and tail commands display the beginning and the end of a file respectively. By default these commands display 10 lines, but both have a -n option that allows a different number of lines to be specified. The file to display is passed as an argument to these commands.
[cms-lab1@localhost ~]$ head /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
[cms-lab1@localhost ~]$ tail /etc/passwd
mysql:x:27:27:MariaDB Server:/var/lib/mysql:/sbin/nologin
gnome-initial-setup:x:989:984::/run/gnome-initial-setup/:/sbin/nologin
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:988:983:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
cms-lab1:x:1000:1000:cms-lab1:/home/cms-lab1:/bin/bash
[cms-lab1@localhost ~]$ head -n 4 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
[cms-lab1@localhost ~]$ tail -n 3 /etc/passwd
ntp:x:38:38::/etc/ntp:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
cms-lab1:x:1000:1000:cms-lab1:/home/cms-lab1:/bin/bash
wc – The wc command counts lines, words and characters in a file. It can take a -l, -w, or -c option to display only the lines, words, or characters, respectively.
[cms-lab1@localhost ~]$ wc /etc/passwd
48 98 2593 /etc/passwd
[cms-lab1@localhost ~]$ wc -l /etc/passwd
48 /etc/passwd
[cms-lab1@localhost ~]$ wc -c /etc/passwd
2593 /etc/passwd
[cms-lab1@localhost ~]$ wc -c /etc/group
1039 /etc/group
[cms-lab1@localhost ~]$ wc -c /etc/hosts
158 /etc/hosts
[cms-lab1@localhost ~]$ wc -w /etc/passwd
98 /etc/passwd
Tab completion – Tab completion allows a user to quickly complete commands or file names once they have typed enough at the prompt to make them unique. If the characters typed are not unique, pressing the Tab key twice displays all commands that begin with the characters already typed.
[cms-lab1@localhost ~]$ pas<Tab><Tab>
passwd paste pasuspender
[cms-lab1@localhost ~]$ pass<Tab>
[cms-lab1@localhost ~]$ passwd
Changing password for user student.
Changing password for student.
(current) UNIX password: old_password
Print command (pr) – This command helps in formatting a file for printing on the terminal.
history – The history command displays a list of previously executed commands, each prefixed with a command number.
The exclamation point character, !, is a metacharacter used to expand previous commands without having to retype them. !number expands to the command matching the number specified. !string expands to the most recent command that begins with the string specified.
[cms-lab1@localhost ~]$ history
1 su -
2 cd ..
3 ls
4 date
5 date +%R
6 date +%r
7 date +%x
8 date +%X
9 file /etc/passwd
10 file /bin/passwd
11 file /home
12 head /etc/passwd
13 tail /etc/passwd
14 head -n 4 /etc/passwd
15 tail -n 3 /etc/passwd
16 wc -c
17 wc /etc/passwd
18 wc -l /etc/passwd
19 wc -c /etc/passwd
20 wc -c /etc/group
21 wc -c /etc/host
22 wc -c /etc/hosts
23 wc -w /etc/passwd
24 history
[cms-lab1@localhost ~]$ !ls
ls
Desktop Documents Downloads Music Pictures Public Templates Videos
[cms-lab1@localhost ~]$ !22
wc -c /etc/hosts
158 /etc/hosts
clear – The ‘clear’ command clears all the clutter on the terminal and gives you a clean window to work on.
[cms-lab1@localhost ~]$ clear
Linux Users:
do not own files on the file system. UID 1000+ is the range available for assignment to regular users. The full account information is stored in the /etc/passwd file, and the hashed password and account expiration information are stored in the /etc/shadow file.
Linux Group:
A Linux group is a mechanism to organize a collection of users. Like the user ID, each group is also associated with a unique ID called the GID (group ID). There are two types of groups: a primary group and a supplementary group.
Primary Group:
By default, whenever we create a user account, a new group with the same name as the user is created. This group is called the primary group of the user. You can associate the user with extra groups using the usermod command. Every user has exactly one primary group. The primary group is used by default when creating new files or directories, modifying files, or executing commands. Primary group information is specified in the /etc/passwd file.
Supplementary Group:
Supplementary groups, or secondary groups, are groups you are a member of beyond your primary group. Each user is a member of exactly one primary group and of zero or more supplementary groups. Supplementary membership is stored in the last field of the group's entry in /etc/group, and the respective group passwords are stored in the /etc/gshadow file.
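As an added example (not from the original notes), the script below reads the fields just described from constructed /etc/passwd and /etc/group lines embedded in the script, so it runs without touching the live files. It pulls a user's primary GID from the fourth passwd field, finds the supplementary groups that list the user in the last group field, and reports which accounts have a real login shell. The sample accounts, the group names wheel and developers, and the function names are my own constructions.

```shell
#!/bin/sh
# Added example (not from the original notes): reading the account and group
# fields the text describes, using constructed /etc/passwd and /etc/group
# lines instead of the live files so it runs anywhere.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
ldapuser1:x:1001:1001::/home/ldapuser1:/bin/bash
ldapuser2:x:1002:1002::/home/ldapuser2:/bin/bash'

GROUP_SAMPLE='wheel:x:10:ldapuser1
apache:x:48:
ldapuser1:x:1001:
developers:x:2001:ldapuser1,ldapuser2'

# primary_gid USER: the 4th field of the user's passwd entry.
primary_gid() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$1" '$1 == u { print $4 }'
}

# supplementary_groups USER: names of the groups whose last field (the
# comma-separated member list) contains USER, joined with commas.
supplementary_groups() {
    printf '%s\n' "$GROUP_SAMPLE" |
        awk -F: -v u="$1" '{ n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }' |
        paste -s -d , -
}

# login_accounts: users whose shell is not nologin, i.e. who can open an
# interactive session. Service accounts such as apache should not appear here.
login_accounts() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '$7 !~ /nologin$/ { print $1 }' | paste -s -d , -
}

echo "primary GID of ldapuser1: $(primary_gid ldapuser1)"            # 1001
echo "extra groups of ldapuser1: $(supplementary_groups ldapuser1)"   # wheel,developers
echo "accounts with a login shell: $(login_accounts)"                # root,ldapuser1,ldapuser2
```

Replacing the two sample variables with `cat /etc/passwd` and `cat /etc/group` turns this into a quick review of which accounts on a real host can log in interactively and which groups grant them extra access.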
su command:
The su command stands for Super User. Run with no additional options, it switches to the root account; the user just needs to enter the root account password. In the terminal, su also lets you access any other user account using that account's password, which is why su is also said to stand for substitute user or switch user. Simply type su followed by the user account name.
sudo command:
sudo runs a single command with root permission. It stands for “Super User Do”. The sudo command allows a permitted user to run a command as root, or as another user, based on the settings in the /etc/sudoers file. The best and safest way to edit this file is with the visudo command. sudo is much better than logging in as root or using the su (switch user) command.
The User Manager application allows you to view, modify, add and delete local users and groups in the graphical user interface. To start the User Manager application, go to Applications > Sundry > Users and Groups, or type system-config-users at the shell prompt.
Introduction:
When we run a program, its instructions are copied into memory and space is allocated for variables and other data required to manage its execution. This running instance of a program is called a process: a process is a program in execution. In simple terms, any command that you give to your Linux machine starts a new process. A process is identified by its Process ID (PID) as well as its Parent Process ID (PPID). A process may be in the foreground, in the background, or suspended.
Foreground Processes:
By default, every process that you start runs in the foreground. It gets its input from the keyboard and sends its output to the screen. Foreground processes run on the screen and need input from the user; office programs are an example. If you start a foreground program or process from the terminal, you cannot work on that terminal until the program finishes. You can use the command “fg” to continue a program which was stopped and bring it to the foreground.
Background Processes:
A background process runs without being connected to your keyboard. If the background process requires any keyboard input, it waits. Background processes usually do not need user input; an antivirus scanner is an example. If you start a background process, other tasks can be carried out while the original process continues executing. To continue running a suspended command in the background, use the “bg” command.
Daemon Processes:
These are special types of background processes. Daemons are server processes that run continuously. Most of the time they are initialized at system startup and then wait in the background until their service is required. A typical example is the networking daemon, xinetd, which is started in almost every boot procedure. After the system is booted, the network daemon just sits and waits until a client program needs to connect.
The top command is used to monitor processes on Linux; it displays processor activity in real time. The processes are listed with multiple columns for details like process name, PID, user, CPU usage and memory usage. Apart from the list of processes, top also shows brief statistics about the average system load, CPU usage and RAM usage at the top of the screen.
Display processes:
[root@asim ~]# top
Check the top command version:
[root@asim ~]# top -v
Display the processes of a specific user only:
[root@asim ~]# top -u cms
Keys that can be pressed while top is running:
Shift+M – sort the process list by memory usage
Shift+P – sort the process list by CPU usage
Shift+N – sort the list by process ID
Shift+T – sort by running time
Shift+R – reverse the sorting order
Shift+A – split the output into multiple panels
x – highlight the sorted column with bold text
b – highlight the sorted column with a background color
d – change the refresh interval
c – display the full command path
u – view the processes of a specific user only
ps command:
The ps (Process Status) command on Linux is one of the most basic commands for viewing the processes running on the system. The ps command provides information about the currently running processes along with details like user ID, CPU usage, memory usage, command name, etc. Unlike top, it does not display data in real time.
kill command:
The kill command is used primarily to terminate processes. To kill, or terminate, a process, first find out the PID of the process to be killed, then pass the PID number to the kill command.
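The script below is an added example, not part of the original notes, showing the ps and kill steps just described from inside a shell script rather than interactively: it looks up a process's parent and command name with ps (falling back to /proc where ps is unavailable), starts a background job, terminates it with SIGTERM, and reads back the exit status so the script can tell "killed" from "finished normally". The function names and the 128+signal convention are standard POSIX behaviour; the helper names are my own.

```shell
#!/bin/sh
# Added example (not from the original notes): inspect a process with ps and
# terminate a background job with kill, checking the outcome instead of guessing.
# Assumes Linux; uses /proc as a fallback when ps is not installed.

# parent_of PID: the PPID of the given process.
parent_of() {
    ppid=$(ps -o ppid= -p "$1" 2>/dev/null | tr -d ' ')
    if [ -z "$ppid" ]; then
        ppid=$(awk '/^PPid:/ { print $2 }' "/proc/$1/status")
    fi
    echo "$ppid"
}

# command_of PID: the command name ps reports for the process.
command_of() {
    name=$(ps -o comm= -p "$1" 2>/dev/null)
    [ -n "$name" ] || name=$(cat "/proc/$1/comm")
    echo "$name"
}

# still_running PID: "yes" while the process exists, "no" once it is gone.
# kill -0 sends no signal at all; it only checks whether the PID can be signalled.
still_running() {
    if kill -0 "$1" 2>/dev/null; then echo yes; else echo no; fi
}

# terminate_job: start a long sleep in the background, send it SIGTERM and
# report wait's status. A process killed by signal N exits with 128+N, so
# SIGTERM (15) yields 143; a job that finished on its own would report 0.
terminate_job() {
    sleep 30 &
    pid=$!
    kill -TERM "$pid"
    status=0
    wait "$pid" || status=$?
    echo "$status"
}

echo "this shell: $$ ($(command_of $$)), parent PID: $(parent_of $$)"
echo "this shell still running: $(still_running $$)"     # yes
echo "wait status after SIGTERM: $(terminate_job)"        # 143
```

Checking the status returned by wait, rather than assuming the kill worked, is what lets a service script notice a process that ignored SIGTERM and needs a follow-up with a stronger signal.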
Linux is a multi-user system, and therefore directories and files on a Linux computer need to be protected from unauthorized use. Linux file access permissions are used to control who is able to read, write and execute a certain file. Access permissions are implemented at the file level, with the appropriate permissions set for the file owner, the group owner of the file, and others. In Linux, directories and devices are also files, and therefore file permissions apply at the directory and device level as well, although some permissions are applied differently depending upon whether the file is a regular file, a directory or a device. The access permission design allows a good amount of flexibility in what permissions can be applied.
There are three categories of permissions which apply: read, write and execute. These permissions affect access to files and directories. The permissions can be assigned in octal notation or in the more easily recognized character, or symbolic, format.
Permission    On a file                                 On a directory
r (read)      permission to read the file               permission to read (list) the directory (also requires “x”)
w (write)     permission to delete or modify the file   permission to delete or modify files in the directory
x (execute)   permission to execute the file/script     permission to read (enter) the directory (also requires “r”)
To view file and directory permissions and ownership, use the -l option of the ls command, which expands the file listing to include both the permissions and the ownership of each file.
[Image: sample ls -l listing showing the permission and ownership columns]
Using numbers is another method, which allows you to set the permissions for all three of owner, group and other at the same time. A numeric mode is from one to four octal digits, derived by adding up the bits with the values 4, 2 and 1. Omitted digits are assumed to be leading zeros. A single octal digit represents the three symbolic letters using this weighting scheme.
chown command:
The chown command stands for “change owner” and allows changing the owner of a given file or folder, which can be a user and a group. chown can change the ownership as well as the group name associated with a file to a different one, whereas chgrp can change only the associated group.
chgrp command:
chgrp (change group) is a command used to change the group associated with a file or folder from one group to another in Linux. It is the sister command to chown, which is used to change the owner of a file or folder as well as the group name associated with it.
Umask:
UMASK (User Mask or User File Creation Mask) is the default permission mask applied when a new file or folder is created. The default umask of 002 is used for normal users. With this mask the default directory permissions are 775 and the default file permissions are 664. The default umask for the root user is 022, which results in default directory permissions of 755 and default file permissions of 664. The permission range for a file is 000 to 666. The file default is 666 because only scripts and binaries should have execute permission; normal, regular files should have just read and write permissions. Directories require execute permission for viewing their contents, so they can have 777 permissions. Simply subtract the umask from the default to determine the final permission for a file: 666 - 002 = 664. Likewise, subtract the umask from the default permissions to determine the final permission for a directory: 777 - 002 = 775.
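The following script is an added example, not from the original notes, covering both the octal notation passage and the umask passage above: it converts a symbolic mode string such as rwxr-xr-x to its octal digits and back, and applies a umask the way the kernel does, by clearing the mask's bits. For masks like 002 and 022 this matches the subtraction shortcut in the text (and gives 644 for a 666 file under root's 022 mask); for a mask such as 027 only the bitwise form gives a sensible answer. The function names are my own.

```shell
#!/bin/sh
# Added example (not from the original notes): symbolic <-> octal modes, and
# umask applied as a bit mask rather than decimal subtraction.

# sym_to_octal rwxr-xr-x -> 755: each triad is weighted r=4, w=2, x=1.
# The special bits (s, t) are treated as execute here; they need a 4th octal
# digit in front, which this three-digit conversion leaves out.
sym_to_octal() {
    mode=$1
    out=""
    i=1
    while [ "$i" -le 9 ]; do
        triad=$(printf '%s' "$mode" | cut -c "$i-$((i + 2))")
        d=0
        case $triad in r??) d=$((d + 4)) ;; esac
        case $triad in ?w?) d=$((d + 2)) ;; esac
        case $triad in ??[xst]) d=$((d + 1)) ;; esac
        out="$out$d"
        i=$((i + 3))
    done
    echo "$out"
}

# octal_to_sym 644 -> rw-r--r--: the reverse mapping, one digit per triad.
octal_to_sym() {
    out=""
    for d in $(printf '%s' "$1" | sed 's/./& /g'); do
        case $d in [4567]) out="${out}r" ;; *) out="${out}-" ;; esac
        case $d in [2367]) out="${out}w" ;; *) out="${out}-" ;; esac
        case $d in [1357]) out="${out}x" ;; *) out="${out}-" ;; esac
    done
    echo "$out"
}

# apply_umask DEFAULT MASK: DEFAULT's permission bits with MASK's bits cleared,
# which is exactly what the kernel does when a file or directory is created.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

echo "rwxr-xr-x = $(sym_to_octal rwxr-xr-x)"             # 755
echo "644 = $(octal_to_sym 644)"                         # rw-r--r--
echo "file 666, umask 002 -> $(apply_umask 666 002)"     # 664
echo "dir  777, umask 022 -> $(apply_umask 777 022)"     # 755
echo "file 666, umask 022 -> $(apply_umask 666 022)"     # 644
echo "file 666, umask 027 -> $(apply_umask 666 027)"     # 640 (666-027 as a number is meaningless)
```

The 027 case is the one to remember: a umask is a set of bits to remove, so a digit in the mask can only ever turn off permissions that the default already has, which is why the result is 640 and never something below zero in a column.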
Special Permissions:
There will be times when the standard ugo and rwx permissions don't provide enough flexibility to allow a group of people to work collaboratively. That's why another set of permissions, called “special permissions”, is available. There are three special permissions that can be assigned to a file or directory apart from the basic file permissions (rwx). With the help of the chmod command we can implement these special, or advanced, permissions on files and directories: SUID (Set User ID), SGID (Set Group ID) and the Sticky Bit.
SUID (Set User ID):
This permission only makes sense if you apply it to a file that is an executable (for example a shell script). You can apply this permission with the chmod command and the “s” value: chmod u+s testscript.sh. The “s” in the user's permissions means that if an “other” runs the script, then the script runs with the same level of privileges as the owner of the file. For example, the SUID permission on the passwd command makes it possible for a normal user to change passwords by updating system files like /etc/passwd and /etc/shadow, which cannot be updated by non-root accounts. Therefore, the passwd command always runs with root user rights.
SGID (Set Group ID):
SGID can also be used on a directory so that every file created in that directory has the directory's group owner rather than the group owner of the user creating the file.
Sticky Bit:
If the sticky bit is applied on a file or directory, then only root and the owner of that file or directory can delete it. Even if other users have full permission, they cannot delete the file or directory. It is set with chmod o+t folder, after which the listing shows “t” (or “T” when others lack execute permission), meaning the sticky bit has been applied. The sticky bit is primarily used on shared directories.
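As an added example (not from the original notes), the script below sets each of the three special bits on throw-away files in a temporary directory and reads the result back with stat, in both the octal form (where the special bits become a fourth leading digit) and the ls -l style string (where they appear as s and t). It also shows how to list the SUID files under a directory, the periodic check an administrator runs because every SUID binary runs with its owner's privileges for whoever executes it. GNU stat and find on Linux are assumed; the file and directory names are my own.

```shell
#!/bin/sh
# Added example (not from the original notes): set SUID, SGID and the sticky
# bit on temporary files, read them back with stat, and list setuid files.
# Assumes GNU stat/find (Linux).

# octal_mode PATH: full octal mode including the special-bit digit (e.g. 4755).
octal_mode() {
    stat -c '%a' "$1"
}

# symbolic_mode PATH: the ls -l style string (e.g. -rwsr-xr-x, drwxrwsr-x, drwxrwxrwt).
symbolic_mode() {
    stat -c '%A' "$1"
}

# find_setuid DIR: regular files under DIR with the SUID bit set, sorted, one per line.
find_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

demo=$(mktemp -d)
printf '#!/bin/sh\necho hello\n' > "$demo/testscript.sh"
chmod 755 "$demo/testscript.sh"
chmod u+s "$demo/testscript.sh"      # SUID: the "s" replaces the owner's x
mkdir "$demo/shared" "$demo/dropbox"
chmod 2775 "$demo/shared"            # SGID on a directory: new files inherit its group
chmod 1777 "$demo/dropbox"           # sticky bit: only the owner (or root) may delete entries
chmod o+t  "$demo/dropbox"           # the same bit written symbolically, as in the notes

echo "testscript.sh: $(octal_mode "$demo/testscript.sh") $(symbolic_mode "$demo/testscript.sh")"   # 4755 -rwsr-xr-x
echo "shared:        $(octal_mode "$demo/shared") $(symbolic_mode "$demo/shared")"                 # 2775 drwxrwsr-x
echo "dropbox:       $(octal_mode "$demo/dropbox") $(symbolic_mode "$demo/dropbox")"               # 1777 drwxrwxrwt
echo "setuid files under $demo:"
find_setuid "$demo"
rm -rf "$demo"
```

Comparing the output of find_setuid against a known-good list from installation time is a simple way to notice a setuid bit that was added later without a package update.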
Daemons:
Daemons are processes which run in the background and are not interactive; they have no controlling terminal. They perform certain actions at predefined times or in response to certain events. In Linux, the names of daemons conventionally end in d. Some examples include httpd, nfsd, sshd, named and lpd. Daemons usually perform critical system tasks such as controlling swap space, memory management and various other tasks. What are called services on Windows are daemons on Linux; in short, system services in Linux are called daemons.
Introduction to Systemd:
Systemd is a system and service manager for Linux-based operating systems, used as the default service management tool. Systemd uses “units”, which can be services (.service), mount points (.mount), devices (.device) or sockets (.socket). The systemctl command manages all these types of units. In short, systemd is a suite of tools that provides system and service management for the Linux operating system.
Introduction to Systemctl:
systemctl is the command for controlling systemd, the system and service manager. To manage services on a systemd-enabled server, our main tool is the systemctl command. To view, start, stop, restart, enable or disable system services (daemons), use the systemctl command.
Introduction:
A standard logging system based on the Syslog protocol is built into Red Hat Enterprise Linux. Many programs use this system to record events and organize them into log files. In Red Hat Enterprise Linux 7, syslog messages are handled by two services, systemd-journald and rsyslog.
The systemd-journald daemon provides an improved log management service that collects messages from the kernel, from the early stages of the boot process, from the standard output and error of daemons as they start up and run, and from syslog. It writes these messages to a structured journal of events that, by default, does not persist between reboots. This allows syslog messages and events which are missed by syslog to be collected in one central database. The syslog messages are also forwarded by systemd-journald to rsyslog for further processing.
By default, the systemd journal is kept in /run/log/journal, which means it is cleared when the system reboots. If the directory /var/log/journal exists, the journal logs to that directory instead. The advantage of this is that historic data is available immediately at boot.
However, even with a persistent journal, not all data will be kept forever. The journal has a built-in log rotation mechanism that triggers monthly. By default, the journal will not be allowed to grow larger than 10% of the file system it is on, or to leave less than 15% of the file system free. These values can be tuned in /etc/systemd/journald.conf.
The NTP (Network Time Protocol) is a standard way for machines to provide and obtain correct time information on the internet. A machine may get accurate time information from public NTP services on the internet such as the NTP Pool Project. A high-quality hardware clock that serves accurate time to local clients is another option.
Introduction of IP Address
                IPv4            IPv6
Size            32 bits         128 bits
Blocks          4 blocks        8 blocks
Bits per block  8 bits          16 bits
Example         192.168.0.1     ABCD:0000:0000:0000:23B2:00FF:B231:12AC
Notation        Decimal         Hexadecimal
Separator       Dotted (.)      Colon (:)
Classes of Addressing: The developers of the internet planned to create classes of networks according to their network size. The classes of network are:
There are two types of IP address: public and private.
Public IP address: A public IP address is assigned to every computer that connects to the Internet, and each such address is unique. Hence there cannot be two computers with the same public IP address anywhere on the Internet. The public IP address is assigned to the computer by the Internet Service Provider (ISP) as soon as the computer is connected to the Internet gateway.
Private IP address: Private IP addresses can be used on the private network of any organization in the world and are not globally unique. These addresses can be used on a private network, but they are not routable through the Internet. They are designed to provide a measure of much-needed security, and they also conveniently save valuable IP address space.
Network interface Names:
Ethernet interfaces begin with en, WLAN interfaces begin with wl, and WWAN interfaces begin
with ww. The next character represents the type of adapter, with an o for on-board, s for
hot-plug slot, and p for PCI. A number N is used to represent an index, ID, or port. If the fixed
name cannot be determined, the traditional names such as ethN will be used.
Example: eno1, the first embedded network interface, and enp2s0, a PCI card network interface.
or IPv6 and also query DNS records. A hostname identifies a machine in a network. Execute the
hostname command to see the hostname of your box. The ss command is used to display socket
statistics. It is similar to the netstat command.
Network Manager:
This is a collection of GUI (Graphical User Interface), TUI (Text User Interface), and CLI
(Command Line Interface) utilities that are used to configure your network settings. All these
utilities interact with the NetworkManager service: NetworkManager is a daemon that monitors
and manages network settings.
ifconfig, short for 'Interface Configuration', is a utility in the Linux operating system used to
configure, manage and query network interface parameters from the command line or in system
configuration scripts. The ifconfig command is used for displaying current network
configuration information, setting up an IP address or netmask on a network interface, setting up
the hardware address, and enabling or disabling network interfaces.
NMCLI stands for Network Manager Command Line Interface. nmcli is a command-line
tool for controlling NetworkManager and getting its status. nmcli is used to create, display, edit,
delete, activate, and deactivate network connections, as well as to control and display network
device status. nmcli add syntax:
#nmcli connection add type Ethernet con-name NAME_OF_CONNECTION ifname interface-name ip4 IP_ADDRESS gw4 GW_ADDRESS
Replace NAME_OF_CONNECTION with the name you wish to give the new connection,
interface-name with the device name, IP_ADDRESS with the IP address you wish to use, and
GW_ADDRESS with the gateway address you use.
The /etc/resolv.conf file contains directives with the IP addresses of nameservers available to a
host. The /etc/hosts file keeps a local name database. This file helps in local name resolution if
your local DNS server is not functioning. You can manually populate entries in this file.
Introduction:
Installing, updating and removing installed programs are key responsibilities in a system
administrator's daily life. When a machine is connected to the internet, these tasks can easily be
performed using a package management system such as yum. However, when a machine does
not have access to the internet, another method is necessary. A local yum repository is the most
effective way to perform any type of package installation without an internet connection.
RPM:
RPM (Red Hat Package Manager) is the default, open source, and most popular package
management utility for Red Hat based systems. The tool allows system administrators and users to
install, update, uninstall, query, verify and manage system software packages in Linux operating
systems. An RPM package is a file with the .rpm extension that includes compiled software
programs and the libraries needed by the package. This utility only works with packages built in
the .rpm format.
Go to Package directory
[root@asim ~]# cd /run/media/cms/CentOS\ 7\ x86_64/
Install package
[root@asim Packages]# rpm -ivh vsftpd-3.0.2-25.el7.x86_64.rpm
Upgrade and Install
[root@asim Packages]# rpm -U vsftpd-3.0.2-25.el7.x86_64.rpm
Upgrade package if already installed
[root@asim Packages]# rpm -F vsftpd-3.0.2-25.el7.x86_64.rpm
List all installed packages
[root@asim Packages]# rpm -qa
Query whether a package is installed or not
[root@asim Packages]# rpm -q vsftpd
Display information
[root@asim Packages]# rpm -qi vsftpd
Erase or uninstall
[root@asim Packages]# rpm -e vsftpd
YUM stands for Yellowdog Updater Modified. It is an interactive, rpm-based package manager.
When installing RPM packages directly with rpm, most packages require dependencies that have
to be resolved by hand; YUM installs, removes or updates packages from the network or from a
local repository and, at the same time, provides an easy method to install a package together
with its dependent packages.
To add a new or update an existing repository, go to the /etc/yum.repos.d directory and create
or open a file that ends with .repo. Repository metadata can be created using the createrepo
package. The main aim of creating such an offline repository is that a locally configured
repository works faster than an online one.
If you have to install software, security updates and fixes often on multiple systems in your local
network, then having a local repository is an efficient approach, because all required packages
are downloaded over the fast LAN connection from your local server, which saves your
internet bandwidth.
vi text editor:
Command Mode:
Commands that cause actions to be taken on the file. This mode is used for file navigation,
cut and paste, and simple commands such as undo and redo.
Insert Mode:
This mode is used for normal text editing, meaning entered text is inserted into the file. It is
accessed by typing the letter "i" or "I"; we then simply enter text. Most keystrokes result in text
appearing on the screen. To get out of insert mode, hit the "Esc" (Escape) key. Once you press
the Esc key, insert mode is turned off.
Last-Line Mode:
This mode is used to save, quit and open files, as well as search & replace and other operations.
Press ":" and vi will switch to Last-Line Mode. Enter a command like ":w" to write the file or
":q" to exit the editor.
Starting vi:
You may use vi to open an already existing file by typing (#vi filename), where "filename" is the
name of the existing file. If the file is not in your current directory, you must use the full
pathname. Or you may create a new file by typing (#vi newname), where "newname" is the name
to give the new file. Once the new file is open on-screen, you will see blank lines, each with a
tilde (~) at the left, and a line at the bottom giving the name and status of the new file:
The Instructor will demonstrate a typical file editing session using only basic Vim keystrokes.
Enter text
Repeat this text deletion cycle, as many times as the task required:
To save or exit, choose one of the following to write or discard file edits:
Enter :w to save the file and remain in command mode for more editing.
Enter :q! to quit vim, but discard all file changes since the last write.
In vim, copy and paste is known as yank and put, using command characters y and p. Begin by
positioning the cursor on the first character to be selected, then enter visual mode. Use arrow
keys to expand the visual selection. When ready, press y to yank the selection into memory.
Position the cursor at the new location, then press p to put the selection at the cursor.
The instructor will demonstrate “yank and put” using visual mode.
To save or exit, choose one of the following to write or discard file edits:
Enter :w to save the file and remain in command mode for more editing.
Enter :q! to quit vim, but discard all file changes since the last write.
EXAMPLES:
Constructing pipelines
Redirection controls channel output to or from files, while piping sends channel output to another
process.
Grab the first line, last line, or selected lines of command output.
[cms@asim ~]$ ls -t | head -n 10 > /tmp/ten-last-changed-files
Determine the terminal device for the current window. Send the results as mail and view the
same results in this window.
Hard disks and storage devices are normally divided up into smaller chunks called partitions. A
partition is a way to compartmentalize a disk. Different parts of it can be formatted with different
file systems or used for different purpose. For example, one partition could contain user home
directories while another could contain system data and logs. If a user fills up the home directory
partition with data, the system partition may still have space available. Placing data in two
separate file systems on two separate partitions helps in planning data storage.
Storage devices are represented by a special file type called block device. The block device is
stored in the /dev directory. In Red Hat Enterprise Linux, the first SCSI, PATA/SATA, or USB
hard drive detected is /dev/sda, the second is /dev/sdb, and so on. This name represents the whole
drive. The first primary partition on /dev/sda is /dev/sda1, the second partition is /dev/sda2 and
so on.
The mount command expects the file system argument in one of two different ways:
The device file of the partition holding the file system, residing in /dev
Mount by device file of the partition that holds the file system
[root@asim ~]#mount /dev/vdb1 /mnt/xyz
Removable media, such as USB flash device and drives, get automatically mounted by the
graphical desktop environment when plugged in. The mount point for the removable medium is
/run/media/<user>/<label>.
The <label> is the name given to the file system when it was created.
[root@asim ~]#blkid
[root@asim ~]#mkdir /mnt/xyz
Or
[root@asim ~]#mount UUID="12xz97 1265qd 49624s 78qsz6" /mnt/xyz
[root@asim ~]#cp f1.txt /mnt/xyz
[root@asim ~]#umount /mnt/xyz
A hard link is a new directory entry with a reference to an existing file on the file system. Every
file in a file system has one hard link by default. To save space, instead of copying, a new hard
link can be created to reference the same file. A new hard link either needs to have a different
file name, if it is created in the same directory as the existing hard link, or it needs to reside in a
different directory. All hard links pointing to the same file have the same permissions, link count,
user/group ownership, time stamps, and file content. Hard links pointing to the same file content
need to be on the same file system.
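The inode sharing described above, as an added example that is not part of the original notes: it creates a file and a hard link in a scratch directory made with mktemp (assumed to be on a single file system) and reads the inode number and link count back with GNU stat.

```shell
#!/bin/sh
# Added example, not from the original notes: show that a hard link is just a
# second directory entry for the same inode. Everything happens inside a
# temporary directory created with mktemp, so nothing else is touched.
set -eu

# Create f1.txt plus a hard link f1-link.txt in a fresh directory; print the path.
make_linked_pair() {
    dir=$(mktemp -d)
    printf 'shared content\n' > "$dir/f1.txt"
    ln "$dir/f1.txt" "$dir/f1-link.txt"    # new name, same inode
    printf '%s\n' "$dir"
}

# Print "same" when both names resolve to one inode, "different" otherwise.
inode_relation() {
    dir=$1
    if [ "$(stat -c %i "$dir/f1.txt")" = "$(stat -c %i "$dir/f1-link.txt")" ]; then
        echo same
    else
        echo different
    fi
}

# Print the link count stored in the inode (2 once one extra hard link exists).
link_count() {
    stat -c %h "$1/f1.txt"
}

# Remove the original name; the content stays reachable through the other name,
# because the data is only freed when the link count drops to zero.
content_after_unlink() {
    rm "$1/f1.txt"
    cat "$1/f1-link.txt"
}

# Walk through the whole demonstration and clean up.
hardlink_demo() {
    dir=$(make_linked_pair)
    ls -li "$dir"                                   # both names share the inode column
    echo "inodes: $(inode_relation "$dir"), link count: $(link_count "$dir")"
    echo "after rm f1.txt: $(content_after_unlink "$dir")"
    echo "link count now: $(stat -c %h "$dir/f1-link.txt")"
    rm -rf "$dir"
}

hardlink_demo
```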
A system administrator needs tools for searching files matching certain criteria on the file
system. This section discusses two commands that can search files in the file system. The locate
command searches a pre-generated database for file names or file paths and returns the results
instantly. The find command searches the file system in real time by crawling through the file
system.
When searching entries as a regular user, results are returned only for directory trees on which
the user invoking the locate search has read permission (for example, the trees readable by user
student on the machine).
Kickstart
July 14, 2019
Introduction:
To automate the installation of Red Hat Enterprise Linux, a feature called Kickstart is used: a
single file containing the answers to all the questions that would normally be asked during a
typical installation. A Kickstart installation can be performed using a local CD-ROM, a local hard
drive, or via NFS, FTP, or HTTP. Kickstart performs automatic installations of RHEL/CentOS 7
without the need for user intervention, the machines using a kickstart file read from a local FTP
server. Kickstart in Red Hat Enterprise Linux is similar to unattended installation for Microsoft
Windows. The default kickstart configuration file "anaconda-ks.cfg" is available in the home
directory of the root user. In the kickstart configuration file, lines that start with the # character
are comments that are ignored by the installer. A line that starts with a % character and ends
with %end is a directive section. The %packages section specifies the software to be installed
on the target system. %post configures the system after all the software has been installed. The
%pre script is executed before any disk partitioning is done.
1) Basic configuration
2) Installation Method
4) Partition Information
Click on Add
Ok
Click on Add
Ok
Click on Add
Ok
5) Network Configuration
ok
6) Authentication
Leave as it is
7) Firewall configuration
Disable SELinux
8) Display configuration
Leave as it is
9) Package Selection
Do this later
[root@asim ~]#cd ~
[root@asim ~]#ls
Copy packages
Press Tab on the client and type the FTP location of the kickstart file, ks=ftp://192.168.220.138/ks.cfg,
with ip=192.168.220.140 netmask=255.255.255.0 for a static IP and gateway configuration
Creating and Editing Text File with Vim
July 14, 2019
Introduction:
Vim, which stands for Visual Interface IMproved, is an improved version of VI (Visual Interface),
a famous text editor in Linux. Vim is display-oriented: the screen of the terminal acts as a window
into the file you are editing. Changes you make to the file are reflected in what you see. Vim is
backward-compatible with vi. The Vim editor provides syntax highlighting, completion modes,
spell-checking, scripting in multiple languages, file-type plug-ins, and many other options. Vim
is a full-screen editor and has three modes of operation:
Command Mode:
Commands that cause actions to be taken on the file. This mode is used for file navigation,
cut and paste, and simple commands such as undo and redo.
Insert Mode:
This mode is used for normal text editing, meaning entered text is inserted into the file. It is
accessed by typing the letter "i" or "I"; we then simply enter text. Most keystrokes result in text
appearing on the screen. To get out of insert mode, hit the "Esc" (Escape) key. Once you press
the Esc key, insert mode is turned off.
Last-Line Mode:
This mode is used to save, quit and open files, as well as search & replace and other operations.
Press ":" and vi will switch to Last-Line Mode. Enter a command like ":w" to write the file or
":q" to exit the editor.
D Cut from the current cursor position to the end of the line
P Paste
:/ To search forward
:? To search backward
Introduction:
By default, Linux kernel considers all processes equally important and allocates the same amount
of CPU time for each process. Sometimes, you might want to increase or decrease the priority of
certain processes to utilize more CPU time.
Process Definition:
A process is a running program. So, any running program or command given to a Linux system
is called a process. Linux can run a lot of processes at a time, which can slow down some
high-priority processes and result in poor performance. The default nice value of all processes
is 0.
Sometimes, we might want to increase or decrease the priority of certain processes to utilize
more CPU time. This is where the nice and renice commands come in. The nice command is
used to run a process with a user-defined priority, whereas the renice command changes the
priority of an already running process. With the help of the nice command in Linux you can set
process priority. If you give a process a higher priority, then the kernel will allocate more CPU
time to that process. The nice command will launch a process with a user-defined scheduling
priority.
Whenever a process starts normally, it gets the default nice value (0). If you start a process with
the nice command without any arguments, it gets the default value of 10. Here 10 is the niceness
value of the priority. Niceness values range from -20 to 19. Negative values such as -20 give
higher priority to a process and positive values such as 19 give lower priority.
Regular users are not allowed to start a process with higher priority. You need to be the root user
to launch any process with higher priority.
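The nice and renice behaviour described above, as an added example that is not part of the original notes: each function reads the nice value the kernel actually stored (field 19 of /proc/<pid>/stat) rather than trusting the command line. It assumes a Linux /proc, GNU nice and a renice that accepts the positional priority form.

```shell
#!/bin/sh
# Added example, not from the original notes: observe nice values from the
# kernel's point of view. Assumes Linux /proc, GNU coreutils nice and
# util-linux (or busybox) renice.
set -eu

# Nice value of the process that reads /proc/self/stat (awk itself, which
# inherits the caller's nice value). Field 19 of the stat line is "nice".
current_nice() { awk '{ print $19 }' /proc/self/stat; }

# A process launched through `nice -n N` gets the caller's nice value plus N,
# clamped to the 19 maximum.
launched_nice() { nice -n "$1" awk '{ print $19 }' /proc/self/stat; }

# `nice` with no -n argument adds the default increment of 10.
bare_nice() { nice awk '{ print $19 }' /proc/self/stat; }

# Change the priority of an already running process with renice and read back
# what the kernel stored. Raising the nice value (lowering priority) needs no
# privilege; the reverse does, as the notes say.
renice_demo() {
    sleep 30 &
    pid=$!
    renice "$1" -p "$pid" >/dev/null
    awk '{ print $19 }' "/proc/$pid/stat"
    kill "$pid"
    wait "$pid" 2>/dev/null || true
}

# Whether this user may start a process at a higher priority (negative nice).
# GNU nice still runs the command when it cannot lower the nice value, so the
# honest check is to compare the value the child actually received.
can_raise_priority() {
    base=$(current_nice)
    got=$(nice -n -5 awk '{ print $19 }' /proc/self/stat 2>/dev/null)
    if [ "$got" -lt "$base" ]; then echo yes; else echo no; fi
}

echo "current nice:            $(current_nice)"
echo "nice -n 10:              $(launched_nice 10)"
echo "nice with no argument:   $(bare_nice)"
echo "renice 15 on a sleep:    $(renice_demo 15)"
echo "may raise priority here: $(can_raise_priority)"
```

The last line prints "no" for a regular user and "yes" only when the caller is root or otherwise holds the privilege to lower a nice value.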
Security Enhanced Linux (SELinux) is an additional layer of system security. A primary goal of
SELinux is to protect user data from system services that have been compromised. Most Linux
administrators are familiar with the standard user/group/other permission security model. This is a
user and group-based model known as discretionary access control. SELinux provides an
additional layer of security that is object-based and controlled by more sophisticated rules,
known as mandatory access control.
SELinux is a set of security rules that determine which process can access which files,
directories, and ports. Every file, process, directory and port has a special security label called a
SELinux context. A context is a name that is used by the SELinux policy to determine whether a
process can access a file, directory, or port. By default, the policy does not allow any interaction
unless an explicit rule grants access. If there is no allow rule, no access is allowed.
Many commands that deal with files have an option (usually -Z) to display or set the SELinux
context. For instance, ps, ls, cp, and mkdir all use the -Z option to display or set the SELinux context.
SELinux modes:
For troubleshooting purposes, SELinux protection can be temporarily disabled using SELinux
modes. There are three modes in SELinux.
1) Enforcing mode: In enforcing mode, SELinux actively denies access, for example to a web
server attempting to read files with the tmp_t type context. In enforcing mode, SELinux both logs
and protects.
2) Permissive mode: Permissive mode is often used to troubleshoot issues. In permissive mode,
SELinux allows all interactions, even if there is no explicit rule, and it logs those interactions it
would have denied in enforcing mode. This mode can be used to temporarily allow access to
content that SELinux is restricting. No reboot is required to go from enforcing to permissive or
back again.
3) Disabled: This mode completely disables SELinux. A system reboot is required to disable
SELinux entirely or to get from disabled mode to enforcing or permissive mode.
SELinux Booleans:
SELinux Booleans are switches that change the behavior of the SELinux policy. SELinux
Booleans are rules that can be enabled or disabled. They can be used by security administrators
to tune the policy to make selective adjustments.
The getsebool command is used to display SELinux Booleans and their current value. The -a
option causes this command to list all of the booleans.
[root@asim ~]#getsebool -a
Display the current SELinux mode
[root@asim ~]#getenforce
Introduction:
Disk partitioning allows a hard drive to be divided into multiple logical storage units referred to
as partitions. By separating a disk into partitions, system administrators can use different
partitions to perform different functions.
MBR is a scheme which supports a maximum of four primary partitions. On Linux systems, with
the use of extended and logical partitions, administrators can create a maximum of 15 partitions.
Since partition size data are stored as 32-bit values, disks partitioned with the MBR scheme have
a maximum disk and partition size limit of 2 TiB.
For systems running UEFI (Unified Extensible Firmware Interface) firmware, GPT is the
standard for laying out the partition table on a physical hard disk. GPT is part of the UEFI standard
and addresses many of the limitations imposed by the old MBR-based scheme. Per the UEFI
specification, GPT defaults to supporting up to 128 partitions. Unlike MBR, which uses 32-bit
addresses, GPT uses wider addresses, which allows it to accommodate partitions and disks of up
to 8 zebibytes (ZiB), or 8 billion tebibytes.
We can use any other file system type like: ext2, ext3, ext4, fat, vfat, ntfs etc.
mkfs.ext4 /dev/sdc1
3. Mount/Unmount Partitions
Before mounting a disk, you are required to create a mount point. Then use the mount command to
mount the disk partition on that mount point.
mkdir /newDisk1
mount /dev/sdc1 /newDisk1
The /etc/fstab file is used for mounting disk partitions during system boot. Add the following
entry at the end of the /etc/fstab file (the file system type must match what mkfs created, ext4 here):
/dev/sdc1 /newDisk1 ext4 defaults 0 2
1.To verify that the Linux kernel can see the partition, you can cat out /proc/partitions like this:
cat /proc/partitions
2.Decide what kind of filesystem you want to create, such as ext4, XFS, or anything else. Here
are a few options:
3.For the purposes of this exercise, choose ext4. (I like ext4 because it allows you to shrink the
filesystem if you need to, a thing that isn’t as straightforward with XFS.) Here’s how it can be
done (the output may differ based on device name/sizes):
1.First, identify the UUID of your new filesystem. Issue the blkid command to list all known
block storage devices and look for sda1 in the output:
Note: The df -h command shows which filesystem is mounted on which mount point. Look for
/dev/sda1. The mount command above used the device name /dev/sda1; substitute it with the
UUID identified by the blkid command. Also note that a new directory was created under /mnt
to mount /dev/sda1.
3.A problem with using the mount command directly on the command line (as in the previous
step) is that the mount won’t persist across reboots. To mount the filesystem persistently, edit the
/etc/fstab file to include your mount information:
UUID=ac96b366-0cdd-4e4c-9493-bb93531be644 /mnt/mount_point_for_dev_sda1/ ext4 defaults 0 0
4.After you edit /etc/fstab, you can umount /mnt/mount_point_for_dev_sda1 and run the
command mount -a to mount everything listed in /etc/fstab. If everything went right, you can
run df -h again and see your filesystem mounted:
Introduction:
NFS, the Network File System, is an internet standard protocol used by Linux, UNIX and similar
operating systems as their native network file system. It is an open standard under active extension
which supports native Linux permissions and file system features.
Red Hat Enterprise Linux 7 supports NFSv4 (version 4 of the protocol) by default, and falls
back automatically to NFSv3 and NFSv2 if that is not available. NFSv4 uses the TCP protocol to
communicate with the server, while older versions of NFS may use either TCP or UDP.
NFS servers export shares (directories), and NFS clients mount an exported share on a local mount
point (directory). The local mount point must exist. NFS shares can be mounted in a number of
ways:
Now we need to make an entry in “/etc/exports” and restart the services to make our directory
shareable in the network.
[root@nfsserver ~]# vi /etc/exports
/public 192.168.0.2(ro,sync)     # 192.168.0.2 is the client IP
/private 192.168.0.2(rw,sync)
Some other options we can use in the "/etc/exports" file for file sharing are as follows.
ro: With the help of this option we can provide read-only access to the shared files, i.e. the
client will only be able to read.
rw: This option allows the client both read and write access within the shared directory.
sync: sync confirms requests to the shared directory only once the changes have been
committed.
no_subtree_check: This option prevents subtree checking. When a shared directory is a
subdirectory of a larger file system, nfs performs scans of every directory above it in order to
verify its permissions and details. Disabling the subtree check may increase the reliability of
NFS, but reduces security.
For more options with "/etc/exports", you are recommended to read the man page for exports.
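An added example, not part of the original notes, that reads an exports-style file and reports the entries worth a second look in terms of the options just described: rw exports, no_subtree_check, exports with no sync, and entries that apply to every host. The last case includes the classic mistake of a space before the parenthesis ("host (opts)"), which exportfs treats as a separate entry for all hosts; the sample file is constructed here.

```shell
#!/bin/sh
# Added example, not from the original notes: audit /etc/exports-style entries.
# Output is one line per client entry: <path> <client> <findings or ok>.
set -eu

audit_exports() {
    awk '
    /^[[:space:]]*(#|$)/ { next }                   # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i
            opts = ""
            if (match(client, /\(.*\)$/)) {         # split "host(options)"
                opts   = substr(client, RSTART + 1, RLENGTH - 2)
                client = substr(client, 1, RSTART - 1)
            }
            # a bare "(options)" token, which a stray space before the
            # parenthesis produces, applies to every host, just like "*"
            if (client == "") client = "*"
            split("", has)
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) has[o[j]] = 1
            findings = ""
            if ("rw" in has)               findings = findings "rw,"
            if ("no_subtree_check" in has) findings = findings "no_subtree_check,"
            if (client == "*")             findings = findings "any-host,"
            if (!("sync" in has))          findings = findings "sync-not-set,"
            sub(/,$/, "", findings)
            if (findings == "") findings = "ok"
            print path, client, findings
        }
    }' "$1"
}

# Constructed sample in the same layout as the notes above; print its path.
make_sample_exports() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample exports file
/public  192.168.0.2(ro,sync)
/private 192.168.0.2(rw,sync)
/backup  192.168.0.0/24(rw,sync,no_subtree_check)
/scratch *(rw)
/oops    192.168.0.2 (ro,sync)
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample_exports)
audit_exports "$sample"
rm -f "$sample"
```

Run it against a real file with `audit_exports /etc/exports`; the "/oops" line shows up twice because the accidental space turned one entry into a per-host entry without options plus an any-host entry.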
Server end
[root@nfsserver]# cd /public
[root@nfsserver]# vim xyz
This is our NFS Client
:wq
[root@nfsserver]# cd ..
[root@nfsserver]# cd /private
[root@nfsserver]# vim xyz2
[root@nfsserver]# ls
Client end
[root@nfsserver]# cd /mnt
[root@nfsserver]# ls
[root@nfsserver]# cd /private
[root@nfsserver]# ls
If you want to unmount that shared directory from your client after you are done with the file sharing,
you can simply unmount that particular directory with the "umount" command. See this example below.
[root@nfsclient ~]# umount /mnt/public
[root@nfsclient ~]# umount /mnt/private
You can see that the mounts were removed by looking at the filesystem again.
[root@nfsclient ~]# df -h -F nfs
Introduction:
Modern computer systems are complex combinations of hardware and software. Starting from an
undefined, powered-down state to a running system with a (graphical) login prompt requires a
large number of pieces of hardware and software to work together. The following list gives a
high-level overview of the tasks involved for a physical x86_64 system booting Red Hat
Enterprise Linux 7. The list for x86_64 virtual machines is roughly the same, but some of the
hardware-specific steps are handled in software by the hypervisor.
1. The machine is powered on. The system firmware (either modern UEFI or the older
BIOS) runs a Power On Self Test (POST), and starts to initialize some of the hardware.
Configured using: The system BIOS/UEFI configuration screens, typically reached by pressing
a certain key combination, e.g. F2, early during the boot process.
2.The system firmware searches for a bootable device, either configured in UEFI boot firmware
or by searching for a Master Boot Record (MBR) on all disks, in the order configured in the
BIOS.
Configured using: The system BIOS/UEFI configuration screens, typically reached by pressing
a certain key combination, e.g. F2, early during the boot process.
3. The system firmware reads a boot loader from disk, then passes control of the system to the
boot loader. On a Red Hat Enterprise Linux 7 system, this will typically be grub2.
4. The boot loader loads its configuration from disk, and presents the user with a menu of
possible configurations to boot.
6. The boot loader hands control of the system over to the kernel, passing in any options
specified on the kernel command line in the boot loader, and the location of the initramfs in
memory.
7. The kernel initializes all hardware for which it can find a driver in the initramfs, then executes
/sbin/init (from the initramfs) as PID 1. On Red Hat Enterprise Linux 7, the initramfs contains a
working copy of systemd as /sbin/init, as well as a udev daemon.
8. The systemd instance from the initramfs executes all units for the initrd.target target. This
includes mounting the actual root file system of the system on /sysroot.
9. The kernel root file system is switched (pivoted) from the initramfs root file system to the
system root file system that was previously mounted on /sysroot. systemd then re-executes itself
using the copy of systemd installed on the system.
10. systemd looks for a default target, either passed in from the kernel command line or
configured on the system, then starts (and stops) units to comply with the configuration for that
target, solving dependencies between units automatically. In its essence, a systemd target is a set
of units that should be activated to reach a desired system state. These targets will typically
include at least a text-based login or a graphical login screen being spawned.
6. Append rd.break (this will break just before control is handed from the initramfs to the actual
system).
At this point, a root shell will be presented, with the root file system for the actual system
mounted read-only on /sysroot.
2. Switch into a chroot jail, where /sysroot is treated as the root of the file system tree.
4. Make sure that all unlabeled files (including /etc/shadow at this point) get relabeled during
boot.
5. Type exit twice. The first will exit the chroot jail, and the second will exit the initramfs debug
shell.
Introduction:
Regular expressions are used to search and manipulate text based on patterns. The grep
command is used to search for a specific string in a file. Use regular expressions with the grep
command when you want to search for text containing a particular pattern.
Regular Expressions:
Regular expressions are special characters which help search data by matching complex patterns. A
regular expression is often shortened to "regex" or "regexp". Regular expressions enhance the
ability to meaningfully process text content, especially when combined with other commands.
Patterns that exactly specify the characters to be matched are called "literals" because they match
the pattern literally, character for character.
The period (.) is a special meta-character used in regular expressions to mean that any single
character can exist at the specified location.
Anchors are special characters that specify where in the line a match must occur to be valid.
Use the "^" anchor before the literal string to require the match at the start of a line. Similarly,
the "$" anchor can be used after a string to indicate that the match will only be valid if it occurs at
the very end of a line.
One of the most commonly used meta-characters is the "*", which means "repeat the previous
character or expression zero or more times".
We can escape characters by using the backslash character (\) before the character that would
normally have a special meaning.
One of the easiest and most useful abilities that extended regular expressions open up is the
ability to group expressions together so they can be manipulated as a unit. Group expressions
together using parentheses.
[] Matches any one character from a range or set of characters
The grep command, which stands for "Graphical Regular Expression Print," is used to search
text: it searches the given file for lines containing a match to the given string or words. Use grep
to search for lines of text that match one or many regular expressions; it outputs only the
matching lines. Grep is a powerful file pattern searcher in Linux.
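The constructs described above (literals, "^" and "$" anchors, ".", "*", backslash escaping, grouping with -E, and [] ranges), as an added example that is not part of the original notes: each pattern is run with grep -c over a constructed sample file so the effect of every meta-character can be read off as a match count.

```shell
#!/bin/sh
# Added example, not from the original notes: compare how each regular
# expression construct changes what grep matches. The sample lines are
# constructed here; nothing is read from the real system.
set -eu

# Write the constructed sample file and print its path.
make_sample_text() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
root login from 10.0.0.5
admin login from 10.0.0.9
login failed for user bob
user alice logged in
user carol loggedin
session id 10a0b0c5 expired
ERROR: disk full
error: temporary failure
EOF
    printf '%s\n' "$f"
}

# count_matches [grep options] PATTERN FILE: number of matching lines.
# grep exits 1 when nothing matches; treat that as a count of 0, not an error.
count_matches() {
    grep -c "$@" || [ $? -eq 1 ]
}

# Print pattern -> match count for each construct discussed in the notes.
show_regex_effects() {
    f=$1
    printf '%-22s %s\n' 'login'          "$(count_matches 'login' "$f")"          # literal anywhere
    printf '%-22s %s\n' '^login'         "$(count_matches '^login' "$f")"         # ^ anchors to line start
    printf '%-22s %s\n' 'in$'            "$(count_matches 'in$' "$f")"            # $ anchors to line end
    printf '%-22s %s\n' '10.0.0.5'       "$(count_matches '10.0.0.5' "$f")"       # . also matches 10a0b0c5
    printf '%-22s %s\n' '10\.0\.0\.5'    "$(count_matches '10\.0\.0\.5' "$f")"    # \. is a literal dot
    printf '%-22s %s\n' 'logged *in'     "$(count_matches 'logged *in' "$f")"     # * = zero or more spaces
    printf '%-22s %s\n' '^(root|admin) login' \
        "$(count_matches -E '^(root|admin) login' "$f")"                          # -E grouping
    printf '%-22s %s\n' '^[A-Z]'         "$(count_matches '^[A-Z]' "$f")"         # [] range at line start
}

sample=$(make_sample_text)
show_regex_effects "$sample"
rm -f "$sample"
```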
Introduction:
Schedule tasks to automatically execute in the future. There are two basic daemons for scheduling
tasks on a Linux system: the "at" command, which is very useful for scheduling one-time tasks, and
"crontab" for routine tasks.
AT command:
The at command schedules a command to be run once at a particular time. It reads commands
from standard input or from a script or file, which can be executed later once. The at command
can't be used for recurring tasks; for recurring tasks Linux crontab is used. For normal users,
permission to use the at command is determined by the files /etc/at.allow and /etc/at.deny. If the
file /etc/at.allow exists, only usernames mentioned in it are allowed to use at. If /etc/at.allow does
not exist, /etc/at.deny is checked, and every user name not mentioned in it is then allowed to use at.
If neither exists, only the superuser is allowed to use the at command.
Run AT command:
To use at, run the at command at the command line, passing it the scheduled time as an option. It
will place you at a special prompt; type the command or series of commands to be run at the
scheduled time. When done, press Ctrl-D on a new line, and the command will be placed in
the queue.
Install at package
[root@asim ~]#yum install at
Run the at command, passing the scheduled time; at the at> prompt, pass a touch command to
create a file, then another command whose output is saved in that file, then press Ctrl+D to
terminate the at command:
[root@asim ~]#at 5:20pm May 5
at> touch f1
at> date > f1
at> <Ctrl+D>
Crontab command:
Linux crontab is similar to the Windows Task Scheduler. Crontab is very useful for routine tasks
like scheduling system scanning, daily backups, etc. Crontab executes jobs automatically in the
background at specified time intervals. For scheduling one-time tasks you can use the at command
in Linux. Cron is a scheduler that can run commands at regular intervals. It is often referred to as
crontab, which is the name of its configuration file and of the tool used to edit that file. A crontab
file consists of one command per line; each line has six fields, separated by spaces or tabs. The
first five fields represent the time to run the task and the last field is the command.
[Minute][Hour][Day_of_the_Month][Month_of_the_year][Day_Of_the_Week][Command]
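A validator for the six-field layout just shown, as an added example that is not part of the original notes: it checks the five time fields of each crontab line against their ranges before the line is installed, accepting "*", single values, a-b ranges, comma lists and /step forms. It assumes the standard numeric ranges (minute 0-59, hour 0-23, day 1-31, month 1-12, weekday 0-7 with 0 and 7 both Sunday) and does not accept month or weekday names; the sample lines are constructed here.

```shell
#!/bin/sh
# Added example, not from the original notes: validate crontab time fields.
# Prints "<line-no> ok" or "<line-no> <field>: <problem>" for every entry.
set -eu

validate_crontab() {
    awk '
    # true when v is a plain integer within [lo, hi]
    function in_range(v, lo, hi) {
        return (v ~ /^[0-9]+$/) && (v + 0 >= lo) && (v + 0 <= hi)
    }
    # check one field such as "*", "5", "1-5", "*/15" or "1,15,30";
    # returns "" when valid, otherwise a short description of the problem
    function check(spec, lo, hi,    n, parts, k, item, step, sp, ends) {
        n = split(spec, parts, ",")
        for (k = 1; k <= n; k++) {
            item = parts[k]
            if (index(item, "/")) {                  # "a/b": a, repeated every b
                split(item, sp, "/")
                item = sp[1]; step = sp[2]
                if (!in_range(step, 1, hi)) { return "bad step " step }
            }
            if (item == "*") { continue }
            if (index(item, "-")) {                  # "a-b": inclusive range
                split(item, ends, "-")
                if (!in_range(ends[1], lo, hi) || !in_range(ends[2], lo, hi)) {
                    return "out of range " item
                }
                if (ends[1] + 0 > ends[2] + 0) { return "reversed range " item }
            } else if (!in_range(item, lo, hi)) {
                return "out of range " item
            }
        }
        return ""
    }
    BEGIN {
        split("minute hour day month weekday", names, " ")
        minv[1] = 0; maxv[1] = 59     # minute
        minv[2] = 0; maxv[2] = 23     # hour
        minv[3] = 1; maxv[3] = 31     # day of month
        minv[4] = 1; maxv[4] = 12     # month
        minv[5] = 0; maxv[5] = 7      # day of week, 0 and 7 both mean Sunday
    }
    /^[[:space:]]*(#|$)/ { next }                    # comments and blank lines
    {
        if (NF < 6) { print NR, "too few fields"; next }
        problem = ""
        for (f = 1; f <= 5 && problem == ""; f++) {
            msg = check($f, minv[f], maxv[f])
            if (msg != "") { problem = names[f] ": " msg }
        }
        print NR, (problem == "" ? "ok" : problem)
    }' "$1"
}

# Constructed sample crontab; print its path.
make_sample_crontab() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample crontab lines (the scripts named here do not exist)
30 2 * * * /usr/local/bin/backup.sh
*/15 * * * 1-5 /usr/local/bin/scan.sh
0 25 * * * /usr/local/bin/report.sh
60 * * * * /usr/local/bin/broken.sh
0 0 1 13 * /usr/local/bin/yearly.sh
5 4 * * 7 /usr/local/bin/sunday.sh
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample_crontab)
validate_crontab "$sample"
rm -f "$sample"
```

To check an installed crontab instead, pipe it in: `crontab -l | validate_crontab /dev/stdin`.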
Introduction:
Files and directories have permission sets for the owner of the file, for the group associated with
that file, and for all other users of the system. But these permission sets have some limitations;
for example, different permissions cannot be configured for different users. Thus, Access
Control Lists (ACL) were implemented. ACLs can be configured per user, per group and for
users not in the owning group of the file.
ACLs require kernel support, and the kernel must support ACLs in order to implement them on a
Linux distribution. Along with support in the kernel, the acl package is also required to implement
ACLs. The acl package contains the utilities used to add, modify, remove and retrieve ACL
information from files and folders. The file system needs to be mounted with ACL support
enabled. The XFS file system has built-in ACL support and the Ext4 file system in RHEL 7 has
the ACL option enabled by default.
ACLs use only two commands: getfacl (Get File Access Control List) to see the ACL permissions
on a directory or file, and setfacl (Set File Access Control List) to set ACL permissions. A + sign
at the end of the permissions confirms that the file has an ACL attached to it. POSIX (Portable
Operating System Interface) ACLs are of two types:
Access ACLs:
Default ACLs:
Default ACl can be used on directory level only. Any stub directory or file created within that
directory will inherit the ACLs from its parent directory. Make use of “-d”
To install ACL
[root@asim ~]# yum install acl
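The following shell script is an added example, not from the original document, showing why the mask entry matters when reading getfacl output: named users and named groups, and the owning group, never get more than the mask allows, while the owner and "other" entries are not masked. The getfacl output, the file name, the user alice and the group auditors are constructed for the example; the setfacl and getfacl commands in the comments are the real commands that would produce and read such an ACL.

```shell
#!/bin/sh
# Added example, not from the original document: how the ACL mask limits
# named-user, named-group and owning-group entries. The getfacl output
# below is a constructed sample; the file, users and groups are hypothetical.

# acl_and PERM1 PERM2 -> prints the rwx bits present in both (rwx r-x -> r-x)
acl_and() {
    out=
    for bit in r w x; do
        case $1 in
            *$bit*) case $2 in *$bit*) out="$out$bit" ;; *) out="$out-" ;; esac ;;
            *)      out="$out-" ;;
        esac
    done
    printf '%s\n' "$out"
}

# acl_effective reads getfacl output on stdin and prints, for the owning
# group and every named user or group, the rights that really apply once
# the mask is applied. The owner (user::) and other:: entries are not masked.
acl_effective() {
    acl=$(cat)
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\([rwx-]*\).*/\1/p')
    printf '%s\n' "$acl" | while IFS= read -r entry; do
        entry=${entry%%#*}      # drop the "#effective:" note getfacl itself may append
        entry=$(printf '%s' "$entry" | sed 's/[[:space:]]*$//')
        case $entry in
            user:?*:*|group:*:*)
                tag=${entry%:*}; perm=${entry##*:}
                [ "$tag" = 'group:' ] && tag='group (owning)'
                if [ -n "$mask" ]; then eff=$(acl_and "$perm" "$mask"); else eff=$perm; fi
                printf '%s effective %s\n' "$tag" "$eff" ;;
        esac
    done
}

# constructed sample of what "getfacl shared/report.txt" would print after
#   setfacl -m u:alice:rwx,g:auditors:rw- shared/report.txt
#   setfacl -m m::r-x shared/report.txt
sample_getfacl() {
    cat <<'EOF'
# file: shared/report.txt
# owner: root
# group: root
user::rw-
user:alice:rwx
group::r--
group:auditors:rw-
mask::r-x
other::---
EOF
}

sample_getfacl | acl_effective
# On a real system (root, ACL-enabled file system) the equivalent is
#   getfacl shared/report.txt | acl_effective
# and a default ACL for files created under a directory is set with
#   setfacl -d -m u:alice:rwx shared/
```

The output shows alice limited to r-x despite her rwx entry and the auditors group limited to r--: a chmod on the file rewrites the mask, which is the usual reason an ACL grant "stops working" after someone runs chmod.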
Introduction:
Keeping local user accounts for all these machines and their services in sync is a daunting task, even more so when passwords need to remain in sync.
A solution to this is to not store account information on the local system, but instead retrieve it from a centralized store. Having user information, and the associated authentication information, centralized also allows for something called Single Sign-On (SSO). With SSO, a user authenticates once using a password (or other means) and then obtains a form of ticket or cookie that can be used to automatically authenticate to other services.
A centralized identity management system will need to provide at least two services:
Account information: This includes information such as username, home directory location, UID and GID, group membership, etc. Popular solutions include LDAP (Lightweight Directory Access Protocol), used in multiple products such as Active Directory and IPA Server, and Network Information Service (NIS).
Authentication information: A means for a system to validate that a user is who he/she claims to be. This can be done by providing a cryptographic password hash to the client system, or by sending the (encrypted) password to the server and receiving a response. An LDAP server can provide authentication information in addition to account information.
Kerberos only provides SSO authentication services, and is typically used alongside LDAP user information. Kerberos is used in both IPA Server and Active Directory.
Change the values of olcSuffix and olcRootDN according to your domain, as below:
olcSuffix: dc=learnitguide,dc=net
olcRootDN: cn=Manager,dc=learnitguide,dc=net
Additionally add the following three lines in the same configuration file (olcRootPW holds the hashed password of the directory manager; the two TLS attributes point at the server certificate and its private key, and the key file must be readable by the account slapd runs as and by no one else):
olcRootPW: {SSHA}bHSiwuPJEypHS6zHSE2Uy7M69sQjmkPL
olcTLSCertificateFile: /etc/pki/tls/certs/learnitguideldap.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/learnitguideldapkey.pem
Base entries to add to the directory (LDIF, one entry per block):
dn: cn=Manager,dc=learnitguide,dc=net
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=learnitguide,dc=net
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=learnitguide,dc=net
objectClass: organizationalUnit
ou: Group
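As an added example that is not part of the original document, the script below generates the two LDIF files needed to apply the configuration above and load the base entries: one for ldapmodify against cn=config and one for ldapadd. It assumes the database entry is olcDatabase={2}hdb,cn=config (the RHEL 7 default; confirm with ls /etc/openldap/slapd.d/cn=config/), that the TLS attributes belong to the global cn=config entry rather than the database entry, and that the olcRootPW value is a hash produced by slappasswd; the {SSHA}PLACEHOLDER string is a placeholder, not a usable hash. It also adds the top-level dc=... entry, without which ldapadd rejects the Manager, People and Group entries because their parent does not exist.

```shell
#!/bin/sh
# Added example, not from the original document: generate the LDIF that
# applies the cn=config changes and the base entries, plus the commands that
# load them. Assumptions: database entry olcDatabase={2}hdb,cn=config
# (check: ls /etc/openldap/slapd.d/cn=config/), hash produced by slappasswd,
# TLS attributes set on the global cn=config entry.

# olc_ldif SUFFIX ROOTPW_HASH CERT KEY -> LDIF for ldapmodify (two entries)
olc_ldif() {
    suffix=$1; rootpw=$2; cert=$3; key=$4
    cat <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: $cert
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $key

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $suffix
-
replace: olcRootDN
olcRootDN: cn=Manager,$suffix
-
replace: olcRootPW
olcRootPW: $rootpw
EOF
}

# base_ldif SUFFIX -> the base entries for ldapadd. The top-level dc entry
# comes first because the others cannot be added while their parent is missing.
base_ldif() {
    suffix=$1
    dc=${suffix#dc=}; dc=${dc%%,*}
    cat <<EOF
dn: $suffix
objectClass: top
objectClass: dcObject
objectClass: organization
o: $dc
dc: $dc

dn: cn=Manager,$suffix
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,$suffix
objectClass: organizationalUnit
ou: People

dn: ou=Group,$suffix
objectClass: organizationalUnit
ou: Group
EOF
}

# Usage on the LDAP server (generate a real hash with slappasswd first):
#   olc_ldif 'dc=learnitguide,dc=net' '{SSHA}PLACEHOLDER' \
#       /etc/pki/tls/certs/learnitguideldap.pem /etc/pki/tls/certs/learnitguideldapkey.pem > olc.ldif
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f olc.ldif
#   base_ldif 'dc=learnitguide,dc=net' > base.ldif
#   ldapadd -x -D cn=Manager,dc=learnitguide,dc=net -W -f base.ldif
olc_ldif 'dc=learnitguide,dc=net' '{SSHA}PLACEHOLDER' \
    /etc/pki/tls/certs/learnitguideldap.pem /etc/pki/tls/certs/learnitguideldapkey.pem
```

Using replace rather than add for every attribute makes the modify idempotent: it succeeds whether or not the attribute already has a value, so the same file can be re-applied after a change.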
Steps to follow for LDAP authentication:
1. Put a '*' mark on 'Use LDAP'.
2. Put a '*' mark on 'Use LDAP Authentication'.
3. Select Next and press Enter.
4. Enter the server field as "ldap://linux1.learnitguide.net/".
5. Enter the base DN field as "dc=learnitguide,dc=net".
6. Select OK and press Enter.
Introduction:
LVM Definitions:
Implementing LV storage
Reviewing LVM status information
Removing a logical volume
Introduction:
Logical volumes and logical volume management make it easier to manage disk space. If an LVM-hosted file system needs more space, it can be allocated to its logical volume from the free space in its volume group and the file system can be resized. If a disk starts to fail, a replacement disk can be registered as a physical volume with the volume group and the logical volume's extents can be migrated to the new disk.
LVM Definitions:
Physical devices are the storage devices used to persist data stored in a logical volume. These are
block devices and could be disk partitions, whole disks, RAID arrays, or SAN disks. A device
must be initialized as an LVM physical volume in order to be used with LVM. The entire
“device” will be used as a physical volume.
Physical Volume (PV): PVs are used to register underlying physical devices for use in volume groups. LVM automatically segments PVs into physical extents (PEs); these are small chunks of data that act as the smallest storage block on a PV.
Volume Group (VG): VGs are storage pools made up of one or more physical volumes. A PV can only be allocated to a single VG. A VG can consist of unused space and any number of logical volumes.
Logical Volumes (LV): LVs are created from free physical extents in a volume group and provide the "storage" device used by applications, users, and the operating system. LVs are a collection of logical extents (LEs), which map to physical extents, the smallest storage chunk of a PV. By default, each LE maps to one PE. Setting specific LV options will change this mapping; for example, mirroring causes each LE to map to two PEs.
Implementing LV storage
The first step is to add external storage, such as a hard disk or an iSCSI target, to the virtual machine, then follow the steps below.
Run mount -a to mount all the file systems in /etc/fstab, including the entry just added.
[root@asim ~]# mount -a
Volume Group
[root@asim ~]# vgdisplay vg-alpha
Logical Volumes
[root@asim ~]# lvdisplay /dev/vg-alpha/hercules
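Since the individual steps between adding the disk and running mount -a are not listed here, the following shell script is an added example (not from the original document) of the full sequence: pvcreate, vgcreate, lvcreate, mkfs.xfs, the /etc/fstab entry and mount -a, plus lvextend -r for the growth case mentioned in the introduction. The device /dev/sdb, the volume group vg-alpha, the logical volume hercules, the mount point and the sizes are hypothetical; RUN=echo turns it into a dry run that only prints the commands, which is how the last lines use it.

```shell
#!/bin/sh
# Added example, not from the original document: the complete sequence for
# putting a new disk under LVM (PV -> VG -> LV -> file system -> /etc/fstab
# -> mount -a), plus growing an LV later. Device, names and sizes are
# hypothetical. Set RUN=echo to print the commands instead of running them.
RUN=${RUN:-}

# fstab_line VG LV MOUNTPOINT -> the /etc/fstab entry for the new file system
# (a UUID= entry obtained from blkid after mkfs works equally well)
fstab_line() {
    printf '/dev/%s/%s %s xfs defaults 0 0\n' "$1" "$2" "$3"
}

# lvm_provision DEVICE VG LV SIZE MOUNTPOINT
lvm_provision() {
    dev=$1; vg=$2; lv=$3; size=$4; mnt=$5
    # safety check: refuse a device that already carries a file system or
    # other signature, so an in-use disk is not reinitialised by mistake
    if [ -z "$RUN" ] && blkid "$dev" >/dev/null 2>&1; then
        echo "refusing: $dev already has a signature (see: blkid $dev)" >&2
        return 1
    fi
    $RUN pvcreate "$dev" &&
    $RUN vgcreate "$vg" "$dev" &&
    $RUN lvcreate -n "$lv" -L "$size" "$vg" &&
    $RUN mkfs.xfs "/dev/$vg/$lv" &&
    $RUN mkdir -p "$mnt" &&
    fstab_line "$vg" "$lv" "$mnt" | $RUN tee -a /etc/fstab &&
    $RUN mount -a &&
    $RUN df -h "$mnt"
}

# lvm_grow VG LV SIZE: extend the LV by SIZE and resize the file system in
# the same step (-r), which works while the file system stays mounted
lvm_grow() {
    $RUN lvextend -r -L "+$3" "/dev/$1/$2"
}

# dry run of the whole procedure; leave RUN empty on a real host to apply it
RUN=echo
lvm_provision /dev/sdb vg-alpha hercules 2G /mnt/hercules
lvm_grow vg-alpha hercules 1G
```

After the real run, vgdisplay vg-alpha and lvdisplay /dev/vg-alpha/hercules, as shown above, confirm the extents were allocated as expected.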
Introduction:
Many organizations need to provide network storage and print services for a range of desktop operating systems. Red Hat Enterprise Linux uses the Samba server to provide services that Microsoft Windows clients can use. Samba implements the Server Message Block (SMB) protocol, and Common Internet File System (CIFS) is a dialect of SMB. Often the two names are used interchangeably.
2. Determine a mount point where the share should be mounted and create the mount point's empty directory.
3. Mount the network file system with an appropriate command or configuration change.
To install Samba, you will need to become root with the following command (give the root password,
when prompted):
$ su -
Before you begin to use or configure Samba, the Linux firewall (firewalld, which manages the iptables rules) has to be configured to allow Samba traffic. From the command line this is achieved with the following command; with --permanent the rule survives reloads and reboots, but it only becomes active after firewall-cmd --reload (or repeat the command without --permanent for the running configuration):
# firewall-cmd --permanent --add-service=samba
To start with, you must gain root privileges with (give the root password, when prompted):
$ su -
An smb.conf file is divided into several sections. The [global] section, which is the first section, has settings that apply to the entire Samba configuration. However, settings in the other sections of the configuration file may override the global settings.
To begin with, set the workgroup, which by default is set as "MYGROUP":
workgroup = MYGROUP
Since most Windows networks are named WORKGROUP by default, the setting has to be changed to:
workgroup = workgroup
In the next step, a shared resource that will be accessible from the other systems on the Windows
network has to be configured. This section has to be given a name by which it will be referred to
when shared. For our example, let's assume you would like to share a directory on your Linux system located at /data/network-applications. You need to title the entire section [NetApps], as shown below in the smb.conf file:
[NetApps]
path = /data/network-applications
writeable = yes
browseable = yes
valid users = administrator
When a Windows user browses to the Linux Server, they’ll see a network share labeled
“NetApps”.
This concludes the changes to the Samba configuration file.
Any user wanting to access a Samba shared resource must be configured as a Samba user and assigned a password. This is done with the smbpasswd command as root. Since you have defined "administrator" as the user who is entitled to access the "/data/network-applications" directory of the RHEL system, you have to add "administrator" as a Samba user.
You must gain root privileges with the following command (give the root password, when prompted):
$ su -
It is also necessary to add the same account as a regular Linux user, using the same password we used for the Samba user:
# adduser administrator
# passwd administrator
Changing password for user administrator
New UNIX password: ********
Retype new UNIX password: ********
passwd: all authentication tokens updated successfully.
Now it is time to test the Samba configuration file for any errors. For this you can use the command-line tool testparm as root:
# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[NetApps]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
If you would like to ensure that Windows users are automatically authenticated to your Samba share, without being prompted for a username/password, all that is needed is to add Samba users and passwords that exactly match your Windows clients' usernames and passwords. When a Windows system accesses a Samba share, it will automatically try to log in using the same credentials as the user logged into the Windows system.
The Samba (smb) and NetBIOS Name Service (nmb) services have to be enabled and then started for the changes to take effect:
# systemctl enable smb.service
# systemctl start smb.service
# systemctl enable nmb.service
# systemctl start nmb.service
In case the services were already running, you may have to restart them:
# systemctl restart smb.service
# systemctl restart nmb.service
Now that you have configured the Samba resources and the services are running, they can be
tested for sharing from a Windows system. For this, open the Windows Explorer and navigate to
the Network page. Windows should show the RHEL system. If you double-click on the RHEL
icon, you will be prompted for the username and password. The username to be entered now is
“administrator” with the password that was assigned.
Again, if you are logged on to your Windows workstation using the same account and password as that of the Samba service (e.g. Administrator), you will not be prompted for any authentication, as the Windows operating system automatically authenticates to the RHEL Samba service using these credentials.
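The following shell script is an added example, not from the original document or the Samba project: an awk-based check for the share settings discussed above, flagging shares that are writable but have no valid users list (or allow guests), plus a wrapper that runs testparm first when it is installed. The smb.conf it reads is a constructed sample; NetApps and administrator come from the text above, while the Public and Docs shares are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original document: flag shares in smb.conf that
# anyone can write to, i.e. writable shares with no "valid users" list or with
# "guest ok = yes". The smb.conf below is a constructed sample.

# smb_lint reads smb.conf on stdin, prints one WARN line per open writable
# share, and returns 1 if any was found (0 when the file is clean)
smb_lint() {
    awk '
    function flush() {
        if (sec != "" && sec != "global" && sec != "printers" && sec != "print$")
            if (writable && (guest || !restricted)) {
                printf "WARN [%s]: writable share with no valid users list%s\n",
                       sec, (guest ? " and guest ok = yes" : "")
                found = 1
            }
    }
    /^[ \t]*\[.*][ \t]*$/ {                  # section header [name]
        flush()
        sec = $0; gsub(/^[ \t]*\[|][ \t]*$/, "", sec)
        writable = 0; guest = 0; restricted = 0
        next
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }     # comments and blank lines
    {
        n = index($0, "=")
        key = tolower(substr($0, 1, n - 1)); gsub(/^[ \t]+|[ \t]+$/, "", key)
        val = tolower(substr($0, n + 1));    gsub(/^[ \t]+|[ \t]+$/, "", val)
        if ((key == "writeable" || key == "writable" || key == "write ok") && val == "yes") writable = 1
        if (key == "read only" && val == "no") writable = 1
        if ((key == "guest ok" || key == "public") && val == "yes") guest = 1
        if (key == "valid users" && val != "") restricted = 1
    }
    END { flush(); exit found }'
}

# smb_check FILE: run Samba's own syntax check when available, then the lint
smb_check() {
    if command -v testparm >/dev/null 2>&1; then
        testparm -s "$1" >/dev/null || return 1
    fi
    smb_lint < "$1"
}

# constructed sample smb.conf: NetApps is restricted, Public and Docs are not
sample_smb_conf() {
    cat <<'EOF'
[global]
   workgroup = WORKGROUP
   security = user
[NetApps]
   path = /data/network-applications
   writeable = yes
   browseable = yes
   valid users = administrator
[Public]
   path = /data/public
   read only = no
   guest ok = yes
[Docs]
   path = /data/docs
   writeable = yes
EOF
}

sample_smb_conf | smb_lint || echo "review the shares flagged above"
# The account steps described above, for reference: adduser/passwd create the
# Linux user, and smbpasswd -a is what actually sets the Samba password:
#   adduser administrator && passwd administrator
#   smbpasswd -a administrator
```

On a server, smb_check /etc/samba/smb.conf combines both checks; testparm catches syntax errors while the lint catches a share that is syntactically fine but open to every authenticated or guest user.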
Table of Contents
Introduction:
Default configuration of firewalld zones
Pre-defined service
Configure firewall setting
Introduction:
In Red Hat Enterprise Linux 7 a new method of interacting with netfilter has been introduced: firewalld. Firewalld is a system daemon that can configure and monitor the system firewall rules. Applications can talk to firewalld to request ports to be opened using the D-Bus messaging system, a feature which can be disabled or locked down. It covers IPv4, IPv6, and potentially ebtables settings. The firewalld daemon is installed from the firewalld package. This package is part of a base install, but not part of a minimal install.
Firewalld simplifies firewall management by classifying all network traffic into zones. Based on criteria such as the source IP address of a packet or the incoming network interface, traffic is then diverted into the firewall rules for the appropriate zone. Each zone can have its own list of ports and services to be opened or closed.
Default configuration of firewalld zones
Home: Reject incoming traffic unless related to outgoing traffic or matching the ssh, mdns, ipp-client, samba-client, or dhcpv6-client pre-defined services.
Internal: Reject incoming traffic unless related to outgoing traffic or matching the ssh, mdns, ipp-client, samba-client, or dhcpv6-client pre-defined services (same as the home zone to start with).
Work: Reject incoming traffic unless related to outgoing traffic or matching the ssh, ipp-client, or dhcpv6-client pre-defined services.
Public: Reject incoming traffic unless related to outgoing traffic or matching the ssh, ipp-client, or dhcpv6-client pre-defined services. The default zone for newly added network interfaces.
External: Reject incoming traffic unless related to outgoing traffic or matching the ssh pre-defined service. Outgoing IPv4 traffic forwarded through this zone is masqueraded to look like it originated from the IPv4 address of the outgoing network interface.
Dmz: Reject incoming traffic unless related to outgoing traffic or matching the ssh pre-defined service.
Drop: Drop all incoming traffic unless related to outgoing traffic (do not even respond with ICMP errors).
Pre-defined service
Firewalld also ships with a number of pre-defined services. These service definitions can be
used to easily permit traffic for particular network services to pass through the firewall.
dhcpv6-client: Local DHCPv6 client. Traffic to 546/udp on the fe80::/64 IPv6 network.
ipp-client: Local IPP printing. Traffic to 631/udp.
samba-client: Local Windows file and print sharing client. Traffic to 137/udp and 138/udp.
mdns: Multicast DNS (mDNS) link-local name resolution. Traffic to 5353/udp to the 224.0.0.251 (IPv4) or ff02::fb (IPv6) multicast addresses.
Configure firewall setting
In the graphical firewall configuration tool, from the configuration dropdown menu, select Permanent to switch to editing the permanent configuration.
Add the https service to the list of services allowed in the public zone.
In the Zone list, select public. Since this zone is also the default zone, it is highlighted in bold.
Activate your firewall configuration by selecting Options > Reload Firewalld from the menu.
Verify your work by attempting to view your web server contents from a client PC.
This is how you configure firewalld. Following are some other firewalld examples:
Query the current default zone.
[root@asim ~]# firewall-cmd --get-default-zone
List all zones currently in use (having an interface or source tied to them), along with their interface and source information.
[root@asim ~]# firewall-cmd --get-active-zones
Route all traffic coming from the IP address or network/netmask <CIDR> to the specified zone. If no --zone= option is provided, the default zone will be used.
[root@asim ~]# firewall-cmd --add-source=<CIDR> [--zone=<ZONE>]
Remove the rule routing all traffic coming from the IP address or network/netmask <CIDR> to the specified zone. If no --zone= option is provided, the default zone will be used.
[root@asim ~]# firewall-cmd --remove-source=<CIDR> [--zone=<ZONE>]
Route all traffic coming from <INTERFACE> to the specified zone. If no --zone= option is provided, the default zone will be used.
[root@asim ~]# firewall-cmd --add-interface=<INTERFACE> [--zone=<ZONE>]
Associate the interface with <ZONE> instead of its current zone. If no --zone= option is provided, the default zone will be used.
[root@asim ~]# firewall-cmd --change-interface=<INTERFACE> [--zone=<ZONE>]
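As an added example (not from the original document), the shell script below does on the command line what the graphical steps above do: add https to the permanent configuration of the public zone, reload so the change is active, and confirm it with --query-service. It also guards --add-source with an IPv4 CIDR check so that a mistyped address is rejected before it reaches firewall-cmd. FWCMD defaults to firewall-cmd; setting it to echo, as the last lines do, prints the calls instead of running them. The network 192.168.10.0/24 and the zone choices are hypothetical, and IPv6 sources are not handled by the guard.

```shell
#!/bin/sh
# Added example, not from the original document: command-line equivalent of
# the graphical steps (permanent change, reload, verify) plus an IPv4 CIDR
# guard for --add-source. FWCMD=echo makes every call a dry run.
FWCMD=${FWCMD:-firewall-cmd}

# cidr_ok ADDR[/PREFIX] -> 0 if ADDR is a dotted-quad IPv4 address and the
# prefix length (default 32) is within 0..32
cidr_ok() {
    case $1 in
        */*) ip=${1%/*}; plen=${1#*/} ;;
        *)   ip=$1;      plen=32 ;;
    esac
    case $plen in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    IFS='.'; set -- $ip; unset IFS
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# fw_allow_service SERVICE ZONE: change the permanent configuration, reload
# so it becomes active, then confirm the service is open in that zone
fw_allow_service() {
    $FWCMD --permanent --zone="$2" --add-service="$1" &&
    $FWCMD --reload &&
    $FWCMD --zone="$2" --query-service="$1"
}

# fw_allow_source CIDR ZONE: bind a source network to a zone, refusing
# malformed input instead of passing it on to firewall-cmd
fw_allow_source() {
    cidr_ok "$1" || { echo "fw_allow_source: bad IPv4 CIDR '$1'" >&2; return 1; }
    $FWCMD --permanent --zone="$2" --add-source="$1" &&
    $FWCMD --reload
}

# dry run: print the calls instead of executing them (drop this line on a host)
FWCMD=echo
fw_allow_service https public
fw_allow_source 192.168.10.0/24 internal
```

Because the functions always touch the permanent configuration and then reload, the runtime and permanent views cannot drift apart, which is the usual cause of a rule that "disappears" at the next reboot.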
==================================================================================