
INTEGRAL UNIVERSITY

LUCKNOW DASAULI, KURSI ROAD, PO BASHA (226026)


SESSION (2020-2021)

LAB MANUAL

Name: Suhail Saeed Usmani


University Enrolment No.: 1800100432
University Roll No.: 1801163014
Class Roll No: 14
Branch: B.Tech CSE (CTIS)
Year/Sem: 4th Year / 7th Sem
Mentor: Mr. Sunil Singh sir
Subject Name: Linux Administration
Subject Code: CS-352
Experiment 1
Objective:
Complete the following tasks and verify them. (Hint - use grep/cut/tr/sed)
a) List the lines containing "/sbin/nologin" from the /etc/passwd file.
b) List only lines of output from ps, which lists running processes that contain the string "in
c) Display the list of GIDs from /etc/passwd file.
d) Change all the letters in the range "a-f" to "A-F" in the /etc/passwd file.

Procedure:
a. grep "/sbin/nologin" /etc/passwd
ls -ld /etc/s* | wc -l

b. Select the process by the command name. This selects the processes whose executable
name is given in cmdlist. There may be a chance you won’t know the process ID and
with this command it is easier to search.
Syntax : ps -C command_name

c. for i in $(cat /etc/passwd | cut -d: -f1); do id $i; done


d. The Unix tr command copies the standard input to the standard output with substitution or
deletion of selected characters. In addition, it can squeeze repeating characters into a single
character (with option -s).

tr 'A-Z' 'a-z' < infile > outfile
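
Tasks (a), (c) and (d) applied to a passwd-format file, as an added example that is not part of the original manual. The function names and the sample entries are constructed; on a real system pass /etc/passwd as the argument.

```sh
#!/bin/sh
# Added example: Experiment 1 tasks (a), (c), (d) on a passwd(5)-format file.
# Function names and sample data are constructed for illustration.

# Constructed sample. Format: name:pw:UID:GID:gecos:home:shell
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
john:x:500:500:uses /sbin/nologin docs:/home/john:/bin/bash
EOF
}

# (a) Lines containing the string anywhere, which is what the task asks for.
nologin_lines() { grep '/sbin/nologin' "$1"; }

# Stricter variant: only accounts whose login shell (field 7) is /sbin/nologin.
# The john entry above matches grep but still has an interactive shell.
nologin_accounts() { awk -F: '$7 == "/sbin/nologin" { print $1 }' "$1"; }

# (c) GIDs are field 4; sort -nu prints each GID once, in numeric order.
list_gids() { cut -d: -f4 "$1" | sort -nu; }

# (d) Map a-f to A-F. tr only reads stdin; send the result to stdout or to a
# new file, never back onto the input (the redirection truncates it first).
upcase_a_to_f() { tr 'a-f' 'A-F' < "$1"; }

# The same mapping with sed's y command, for comparison.
upcase_a_to_f_sed() { sed 'y/abcdef/ABCDEF/' "$1"; }

# Demo on the constructed sample.
f=$(mktemp) && sample_passwd > "$f"
echo "lines containing /sbin/nologin:"; nologin_lines "$f"
echo "accounts with nologin shell:";    nologin_accounts "$f"
echo "GIDs:";                           list_gids "$f"
echo "a-f upper-cased:";                upcase_a_to_f "$f"
rm -f "$f"
```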


Experiment 2
Objective:
Create an alias named eth0:0 using below credentials in RHEL 5 and verify it.
(a) IP ADDRESS = 172.16.0.1
(b) Netmask = 255.255.0.0
(c) Default Gateway = 172.16.0.254
(d) DNS 1 = 4.2.2.1

Procedure:

Copy the /etc/sysconfig/network-scripts/ifcfg-eth0 file as /etc/sysconfig/network-scripts/ifcfg-eth0:0:


# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
Open file /etc/sysconfig/network-scripts/ifcfg-eth0:0 using vi text editor:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
Find the entry that reads as follows:

DEVICE=eth0

Replace with:

DEVICE=eth0:0

Find the entry that reads as follows:

IPADDR=xxx.xxx.xxx.xxx

Replace it with your actual IP address:

IPADDR=172.16.0.1

At the end, your file should look as follows:

DEVICE=eth0:0
IPADDR=172.16.0.1
NETMASK=255.255.0.0
NETWORK=172.16.0.0
ONBOOT=yes
NAME=eth0:0

Open file /etc/sysconfig/network-scripts/ifcfg-eth0 and make sure file does not have a
GATEWAY= entry:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
Find the entry that reads as follows:

GATEWAY=your-ip
Remove or comment it out by prefixing # (hash) :

# GATEWAY=172.16.0.254

Save the file. Add the GATEWAY= to your /etc/sysconfig/network:

# vi /etc/sysconfig/network

Append or modify GATEWAY entry:

GATEWAY=172.16.0.254

Save the file. Reboot the system or run the following command:

# ifup eth0:0

OR

# service network restart


Experiment 3
Objective:
Configure password policy for user john with below arguments in RHEL 5. After configuration
verify the policy applied.
(a) Minimum password age = 4 days
(b) Maximum password age = 15 days
(c) Inactive days = 2 days
(d) Account Expiration date = 6 months from today

Procedure:

Configuring password strength-checking in pwquality.conf

To enable using pam_pwquality, add the following line to the password stack in the
/etc/pam.d/passwd file:
password required pam_pwquality.so retry=3
Options for the checks are specified one per line. For example, to require a password with a
minimum length of 8 characters, including all four classes of characters, add the following lines
to the /etc/security/pwquality.conf file:
minlen = 8
minclass = 4
To set a password strength-check for character sequences and same consecutive characters, add
the following lines to /etc/security/pwquality.conf:
maxsequence = 3
maxrepeat = 3
In this example, the password entered cannot contain more than 3 characters in a monotonic
sequence, such as abcd, or more than 3 identical consecutive characters, such as 1111.

Configuring Password Aging

Password aging is another technique used by system administrators to defend against bad
passwords within an organization. Password aging means that after a specified period (usually 90
days), the user is prompted to create a new password. The theory behind this is that if a user is
forced to change his password periodically, a cracked password is only useful to an intruder for a
limited amount of time. The downside to password aging, however, is that users are more likely
to write their passwords down.
To specify password aging under Red Hat Enterprise Linux 7, make use of the chage command.
The -M option of the chage command specifies the maximum number of days the password is
valid. For example, to set a user's password to expire in 90 days, use the following command:
chage -M 90 username

You can also use the chage command in interactive mode to modify multiple password aging and
account details. Use the following command to enter interactive mode:
chage <username>
The following is a sample interactive session using this command:
~]# chage juan
Changing the aging information for juan
Enter the new value, or press ENTER for the default
Minimum Password Age [0]: 10
Maximum Password Age [99999]: 90
Last Password Change (YYYY-MM-DD) [2006-08-18]:
Password Expiration Warning [7]:
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
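
The four values in the objective map onto chage flags. This added example (not part of the original manual) prints the chage command for john with an expiry six months after a base date, and audits shadow-format lines against the same policy. The function names and sample entries are constructed, date -d assumes GNU date, and after running the printed command as root, chage -l john lists the applied values.

```sh
#!/bin/sh
# Added example: build and audit the Experiment 3 aging policy for user john.
# Function names and sample data are constructed for illustration.

# Print the chage command for the lab policy.
# $1 = user, $2 = base date YYYY-MM-DD (defaults to today). Needs GNU date.
chage_cmd() {
    base=${2:-$(date -u +%F)}
    expire=$(date -u -d "$base +6 months" +%F) || return 1
    # -m minimum age, -M maximum age, -I inactive days, -E account expiry date
    printf 'chage -m 4 -M 15 -I 2 -E %s %s\n' "$expire" "$1"
}

# Audit shadow(5)-format lines read from stdin against the policy.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Prints one finding per line; exit status is 1 if any entry deviates.
audit_aging() {
    awk -F: -v min=4 -v max=15 -v inact=2 '
        function show(v) { return (v == "" ? "unset" : v) }
        $4 != min   { printf "%s: min age %s (want %d)\n", $1, show($4), min; bad = 1 }
        $5 != max   { printf "%s: max age %s (want %d)\n", $1, show($5), max; bad = 1 }
        $7 != inact { printf "%s: inactive %s (want %d)\n", $1, show($7), inact; bad = 1 }
        $8 == ""    { printf "%s: no account expiry date\n", $1; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed shadow entries (password hashes replaced by a placeholder).
# john follows the policy; juan carries the values from the sample session.
sample_shadow() {
cat <<'EOF'
john:HASH:18642:4:15:7:2:18823:
juan:HASH:13378:10:90:7:::
EOF
}

# Demo: print the command for today, then audit the constructed entries.
chage_cmd john
sample_shadow | audit_aging || echo "policy deviations found"
```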
Experiment 4
Objective:
Configure the following tasks:
(a) Add user accounts to your system: Joshua, alex, dax, bryan, zak, ed and manager. Assign
each user this password: 123@iMs.
(b) Add the groups to your system: sales with GID: 1000, HR with GID: 1100 and web with
GID: 1200.
(c) Add Joshua and alex to the sales group, dax and bryan to the HR group, zak and ed to the
web group and add manager to all of these groups.
(d) Login with each user & verify using id command that they are in the appropriate groups.

Procedure:
Instructions:
1. Add accounts for the following seven users to your system: joshua, alex, dax, bryan, zak, ed,
and manager. Assign each user this password: password
Since you need to add several users, a for-loop may speed things up. This can be entered on the
command line or placed in a file and run as a shell script.
for USER in joshua alex dax bryan zak ed manager
do
  useradd $USER
  echo password | passwd --stdin $USER
done
Note that this sets a password of password for each user.
2. Add the following groups to the system:
• sales (GID:1000)
• hr (GID: 1100)
• web (GID: 1200)
a. [root@stationX]# groupadd -g 1000 sales
b. [root@stationX]# groupadd -g 1100 hr
c. [root@stationX]# groupadd -g 1200 web
3. Add joshua and alex to the sales group, dax and bryan to the hr group. Add zak and ed to the
web group. Add manager to all of these groups. You can use usermod -G to do this:
[root@stationX]# usermod -G sales joshua
[root@stationX]# usermod -G sales alex
[root@stationX]# usermod -G hr dax
[root@stationX]# usermod -G hr bryan
[root@stationX]# usermod -G web zak
[root@stationX]# usermod -G web ed
[root@stationX]# usermod -G sales,hr,web manager
4. You can login as each user and use the id command to verify that they are in the appropriate
groups.
You can use su - user and run the id command, or simply use the username as an argument to id:
for USER in joshua alex dax bryan zak ed manager
do
  id $USER
done
Experiment 5
Objective:
Use ACL to accomplish these tasks:
(a) Create groups named Admin and Web.
(b) Create users named John and Jimmy.
(c) Create a new directory named /depts/tech/. Change the permission so that root is the owner
and Admin is the group owner.
(d) Use ACL to give full permission for /depts/tech/ to the Web group.
(e) Allow John read/execute but not write permission on the /depts/tech/ directory.
(f) Allow Jimmy full permission on the /depts/tech/ directory.

Procedure:
1. Create a new directory in /depts/ called tech. Change the permissions such that root
is the owner and hr is the group. Give full access to the user and group, and no access to
anyone else. Don't forget to set the SGID bit.
a. [root@stationX]# mkdir /depts/tech/
b. [root@stationX]# chown root:hr /depts/tech/
c. [root@stationX]# chmod 2770 /depts/tech/
2. Use ACLs to give full permission for /depts/tech/ to the additional web group.
a. setfacl -m g:web:rwx /depts/tech/
3. Allow alex read/execute (but not write) permission on the /depts/tech/ directory. Set a default
ACL of read/write for alex on that directory.
a. [root@stationX]# setfacl -m u:alex:rx /depts/tech/
b. [root@stationX]# setfacl -m d:u:alex:rw /depts/tech/
4. Create some files in /depts/tech/ as several of the users and verify access. Does alex or joshua
have access to files? Does manager?
a. [root@stationX]# su - joshua
[joshua@stationX]$ touch /depts/tech/joshua
touch: cannot touch `/depts/tech/joshua': Permission denied
[joshua@stationX]$ exit
[root@stationX]# su - manager
[manager@stationX]$ touch /depts/tech/manager
[manager@stationX]$ getfacl /depts/tech/manager
... output truncated ...
[manager@stationX]$ exit
[root@stationX]# su - alex
[alex@stationX]$ touch /depts/tech/manager
[alex@stationX]$ touch /depts/tech/alex
touch: cannot touch `/depts/tech/alex': Permission denied
[alex@stationX]$ exit
Experiment 6
Objective:
You are tasked with finding all SUID & SGID files under the / directories.

Procedure:
What is SUID and SGID?
SUID is a special file permission for executable files which enables other users to run the file
with effective permissions of the file owner. Instead of the normal x which represents execute
permissions, you will see an s (to indicate SUID) special permission for the user.
SGID is a special file permission that also applies to executable files and enables other users to
inherit the effective GID of file group owner. Likewise, rather than the usual x which represents
execute permissions, you will see an s (to indicate SGID) special permission for group user.
Let’s look at how to find files which have SUID and SGID set using the find command.
The syntax is as follows:
$ find directory -perm /permissions
Certain directories (such as /etc, /bin, /sbin etc.) or files require root privileges in order to be
accessed or listed. If you are managing your system as a normal user, use the sudo command to
gain root privileges.
How to Find Files with SUID Set in Linux
The example command below finds all files with SUID set under the current directory, using the
-perm option (/4000 matches any file whose SUID bit is set, whatever its other permission bits).
$ find . -perm /4000
How to Find Files with SGID Set in Linux
To find files which have SGID set, type the following command.
$ find . -perm /2000
To find files which have both SUID and SGID set, run the command below (-perm -6000 requires
both bits; -perm /6000 would match files that have either bit).
$ find . -perm -6000
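
The difference between "any of these bits" (-perm /MODE) and "all of these bits" (-perm -MODE) is easiest to see on a scratch directory. This added example, which is not part of the original manual, builds one and also compares a scan against a saved baseline so that newly appearing SUID/SGID files stand out. The function and file names are constructed, and GNU find is assumed.

```sh
#!/bin/sh
# Added example: SUID/SGID searches with "any bit" vs "all bits" semantics,
# plus a baseline comparison. Function and file names are constructed.

# -perm /MODE matches if ANY listed bit is set; -perm -MODE only if ALL are.
# -xdev stays on one filesystem; errors from unreadable directories are dropped.
find_suid()   { find "$1" -xdev -type f -perm -4000 2>/dev/null | LC_ALL=C sort; }
find_sgid()   { find "$1" -xdev -type f -perm -2000 2>/dev/null | LC_ALL=C sort; }
find_either() { find "$1" -xdev -type f -perm /6000 2>/dev/null | LC_ALL=C sort; }
find_both()   { find "$1" -xdev -type f -perm -6000 2>/dev/null | LC_ALL=C sort; }

# Print SUID/SGID files that exist now but are absent from a saved baseline.
# $1 = directory to scan, $2 = baseline file written earlier by find_either.
new_since_baseline() {
    cur=$(mktemp) || return 1
    find_either "$1" > "$cur"
    LC_ALL=C comm -13 "$2" "$cur"    # lines found only in the current scan
    rm -f "$cur"
}

# Build a scratch tree with one constructed file per bit combination.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    for f in plain suid sgid both; do : > "$d/$f"; done
    chmod 0755 "$d/plain"; chmod 4755 "$d/suid"
    chmod 2755 "$d/sgid";  chmod 6755 "$d/both"
    printf '%s\n' "$d"
}

# Demo on the scratch tree.
tree=$(make_demo_tree)
echo "SUID or SGID (-perm /6000):";  find_either "$tree"
echo "SUID and SGID (-perm -6000):"; find_both "$tree"
rm -rf "$tree"
```

For a whole-system audit, run find_either / as root, keep the output as the baseline, and review anything new_since_baseline reports on later runs.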
Experiment 7
Objective:
Configure your system that boots to run level 3 by default. Configure X server using command in
run level 3

Procedure:
Most users run X from runlevels 3 or 5. Runlevel 3 places your system in multi-user mode with
full networking capabilities. The machine will boot to a text-based login prompt with all
necessary preconfigured services started. Most servers are run in runlevel 3, as X is not
necessary to provide any services utilized by most users. Runlevel 5 is similar to 3, except that it
automatically starts X and provides a graphical login screen. Many workstation users prefer this
method, because it never forces them to see a command prompt.
The default runlevel used when your system boots can be found in the /etc/inittab file. If you
have a line in that file that looks like id:3:initdefault:, then your system will boot to runlevel
3. If you have a line that looks like id:5:initdefault:, your system is set to boot into runlevel
5. As root, change the runlevel number in this file to set a different default. Save the file and
restart your system to verify that it boots to the correct runlevel.

The relevant section of a sample /etc/inittab file is as follows:


# Default runlevel. The runlevels used by RHS are:
#   0 - halt (Do NOT set initdefault to this)
#   1 - Single user mode
#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
#   3 - Full multiuser mode
#   4 - unused
#   5 - X11
#   6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:

The key line in the example above is:

id:3:initdefault:

This tells the init process that the default run level for the system is run level 3. To change to a different
run level simply change the number and save the /etc/inittab file. Before doing this, however, be
absolutely sure you know which run level you want. Selecting the wrong runlevel can have serious
consequences.
Experiment 8
Objective:
Devise a ps command that does the following. (Hint: sort/ps/top)
(a) List all processes.
(b) For each process, prints the information which displays the percentage of CPU usage, the
process ID & name of the command that created it.
(c) The output is sorted by the %cpu value from highest to lowest

Procedure:
Part of automating your tasks is learning how to get a script to do what you would otherwise have
to do yourself. Continually adding commands to your own knowledge base is just as important.

Check Top Processes sorted by RAM or CPU Usage in Linux


The following command will show the top processes with their RAM and CPU use, ordered by
memory use in descending order (remove the pipeline and head if you want to see the full list):
# ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head

Sample Output

 PID  PPID CMD                          %MEM %CPU
2591  2113 /usr/lib/firefox/firefox      7.3 43.5
2549  2520 /usr/lib/virtualbox/Virtual   3.4  8.2
2288     1 /home/gacanepa/.dropbox-dis   1.4  0.3
1889  1543 c:\TeamViewer\TeamViewer.ex   1.0  0.2
2113  1801 /usr/bin/cinnamon             0.9  3.5
2254  2252 python /usr/bin/linuxmint/m   0.3  0.0
2245  1801 nautilus -n                   0.3  0.1
1645  1595 /usr/bin/X :0 -audit 0 -aut   0.3  2.5
Experiment 9
Objective:
Explain the suid, sgid & sticky bit permission with example

Procedure:
Understanding special permissions using SUID, SGID and sticky bit
Sometimes a file must be executable by users who are not members of the owner's group; in that
case you need to grant special execute permissions. When SUID is set, a user can run the
program as if they were the owner of the program. SUID means set user ID and SGID means set
group ID.

SUID has a value of 4 (or use u+s). SGID has a value of 2 (or use g+s). Similarly, the sticky bit
has a value of 1 (or use +t to apply it).
Managing SUID in Red Hat Linux
Let us have a look at the passwd command, which is executable by all users. You can notice
a small 's' in the permissions of the file: because SUID is set for the program, every user can
change their own password by executing that passwd file.

Create some shell script as root.


# vim um.sh
Put some contents in that file
#! /bin/bash
echo "hi do you want to list contents of /root?"
read
rm -rf /
Now this is a very dangerous file. Give execute permission to the file.
# chmod +x um.sh
Run that file as some non-root user: the file will be executed, but there will be a permission issue.
Let us assign special permission to that file using SUID; now a user can run that file as the owner,
which can cause serious damage.
# chmod +s um.sh
Have a look at the permissions now.

The red highlighted area indicates that the file has SUID set.
Important: The above script is for example only; do not run this script on your system at all. Using
SUID is not recommended: it is never used in routine administration, so avoid giving special
permission using SUID. Set user ID is only used on some system files, such as the passwd
command.
Managing SGID in Red Hat Linux
SGID is a special permission given on a directory. It is a temporary permission which gives the
rights of group membership, so that other users can use files there like a member of the owner's
group.
Example
Create a directory named /datashare
# mkdir /datashare
Create a new user named guest1
# useradd guest1
Create a group sales
# groupadd sales
Change group ownership of /datashare to sales group
# chgrp sales /datashare
Now, add user guest1 to group sales
# usermod -G guest1,sales guest1
Create a new file in /datashare directory as user guest1
# su - guest1 -c  "touch /datashare/hi.txt"
Have a look at the permissions; this file belongs to group guest1.

Now set the SGID bit on the folder /datashare
# chmod g+s /datashare
or
# chmod 2775 /datashare
Again create some file in /datashare
# su - guest1 -c  "touch /datashare/echo.txt"
Have a look at the ownership again.

You can see that the group ownership of the new file is changed to group sales.


Using Sticky bit in Red Hat Linux 7
The sticky bit is a permission bit that will only let the owner of the directory delete or rename the
contents. /tmp comes with the sticky bit set by default, so that all users can access that directory,
but a file created by one user cannot be deleted by another user. Have a look:
# ls -ld /tmp

You can see that although /tmp has read, write and execute permissions for all, the sticky bit is
enabled, which is represented by t, so that only the owner of a file can delete or rename that file.
Apply the sticky bit to some new folder with full permissions for all.
# mkdir /example && chmod 777 /example
Apply the sticky bit with the chmod command, adding +t.
# chmod +t /example
Create some file as user example1, and try to delete this file while logged in as user example2.

It is clear in the above example that only the owner of the file can delete or rename the file.
Experiment 10
Objective:
Customize the Bash prompt as per given tasks (Hint - PS1)
(a) Display the current value of primary prompt string.
(b) Changes prompt to print a static string "ITIMS -".
(c) Restore the original prompt.
(d) Insert the bash history prompt special character "\!" between the hostname and dollar-sign.

Procedure:
Customize Bash Prompt In Linux
In BASH, we can customize and change the BASH prompt the way we want by changing the
value of the PS1 environment variable.
Now, we are going to change this prompt to your liking by inserting some backslash-escaped
special characters called escape sequences.
Before going further, it is highly recommended to back up the ~/.bashrc file.
$ cp ~/.bashrc ~/.bashrc.bak
a. Display the current value of primary prompt string
echo "$PS1"
b. Changes prompt to print a static string "ITIMS -"
As mentioned, the BASH prompt has “username@hostname” part by default in most Linux
distributions. You can change this part to something else.

To do so, edit ~/.bashrc file:

$ vi ~/.bashrc
Add the following line at the end:
PS1=" ITIMS -> "
Once added, hit the ESC key and type :wq to save and exit the file.
Run the following command to update the changes:
$ source ~/.bashrc

c. Restore the original prompt


Add the following line at the end:
PS1=" Previous bash prompt-> "
Once added, hit the ESC key and type :wq to save and exit the file.
Run the following command to update the changes:
$ source ~/.bashrc
d. Insert "\!" between the hostname and dollar-sign
Add username with hostname with \! between the hostname and dollar-sign

export PS1="\u@\h\!\\$ "


Experiment 11
Objective:
Configure given tasks for package management: (Hint: use rpm command)
(a) Check whether ftp package is installed or not.
(b) If it is not installed, install it & verify it.
(c) Display the configuration files available through this package.
(d) Be sure that ftp service must be enabled at startup.

Procedure:
File Transfer Protocol (FTP) is one of the oldest and most commonly used protocols found on
the Internet today. Its purpose is to reliably transfer files between computer hosts on a network
without requiring the user to log directly into the remote host or have knowledge of how to use
the remote system. It allows users to access files on remote systems using a standard set of
simple commands.
The Very Secure FTP Daemon (vsftpd) is designed from the ground up to be fast, stable, and,
most importantly, secure. Its ability to handle large numbers of connections efficiently and
securely is why vsftpd is the only stand-alone FTP distributed with Red Hat Enterprise Linux.
a. Run the rpm -q ftp command to see if the ftp package is installed. If it is not, run the yum
install ftp command as the root user to install it.
b. In Red Hat Enterprise Linux, the vsftpd package provides the Very Secure FTP daemon.
Run the rpm -q vsftpd command to see if vsftpd is installed:
~]$ rpm -q vsftpd
c. If you want an FTP server and the vsftpd package is not installed, run the following
command as the root user to install it:
~]# yum install vsftpd
d. Run the ftp localhost command as the user you are currently logged in with. When
prompted for your name, make sure your user name is displayed. If the correct user name
is displayed, press Enter, otherwise, enter the correct user name:

~]$ ftp localhost
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.1.0)
Name (localhost:username):
331 Please specify the password.
Password: Enter your password
500 OOPS: cannot change directory:/home/username
Login failed.
ftp>
Experiment 12
Objective:
Use rpm queries to answer the following questions.
(a) What files are in the "initscripts" package?
(b) Which installed packages have "gnome" in their names?
(c) Which RPM provides /etc/inittab?

Procedure:
What files are in the initscripts package?
[root@stationX]# rpm -ql initscripts
Which installed packages have "gnome" in their names?
[root@stationX]# rpm -qa | grep gnome
Which RPM provides /etc/inittab?
[root@stationX]# rpm -qf /etc/inittab
Experiment 13
Objective:
Prepare a cron job that take the backup of /home at 5:00pm on every Saturday

Procedure:

Linux Cron utility is an effective way to schedule a routine background job at a specific time
and/or day on an on-going basis.

Linux Crontab Format

MIN HOUR DOM MON DOW CMD

Table: Crontab Fields and Allowed Ranges (Linux Crontab Syntax)


Field  Description    Allowed Value
MIN    Minute field   0 to 59
HOUR   Hour field     0 to 23
DOM    Day of Month   1-31
MON    Month field    1-12
DOW    Day Of Week    0-6
CMD    Command        Any command to be executed.
The 5th field is DOW (day of the week). If you specify * in this field, it runs every day. To run
every Saturday, specify either 6 or Sat in this field.

The following example runs backup.sh every Saturday at 5:00 PM.

0 17 * * 6 /home/user/backup.sh
(or)
0 17 * * Sat /home/user/backup.sh

● 0 – 0 Minute
● 17 – 05 PM
● * – No specific day in month
● * – No specific month in year
● 6 – Every Saturday of the week

You can either use number or the corresponding three letter acronym for the weekday as shown
below.

● 0=Sun
● 1=Mon
● 2=Tue
● 3=Wed
● 4=Thu
● 5=Fri
● 6=Sat
Note: Get into the habit of using Fri instead of 5. Please note that the number starts with 0 (not
with 1), and 0 is for Sun (not Mon).
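
The crontab entry only schedules the script; the manual does not show backup.sh itself. The following is an added example of what such a script could contain, not code from the original manual. The function name, the archive naming and the /var/backups/home destination are assumptions, and the destination must lie outside the directory being backed up.

```sh
#!/bin/sh
# Added example: a backup script of the kind the crontab entry would call.
# Function name, archive naming and destination path are assumptions.
#
# Crontab line (Saturday 17:00), passing source and destination:
#   0 17 * * 6 /home/user/backup.sh /home /var/backups/home

# Create a dated, compressed archive of a directory.
# $1 = directory to back up, $2 = destination directory (outside $1).
# Prints the archive path on success. The body runs in a subshell so the
# umask change does not leak into the caller.
backup_dir() (
    src=$1; dest=$2
    [ -d "$src" ] || { echo "backup: $src is not a directory" >&2; exit 1; }
    # Archives of /home hold private data: make them readable by the owner only.
    umask 077
    mkdir -p "$dest" || exit 1
    out="$dest/$(basename "$src")-$(date +%Y%m%d).tar.gz"
    # Write under a temporary name first, so a failed run never leaves a
    # truncated archive under the final name. -C keeps member paths relative.
    tmp="$out.partial"
    if tar -czf "$tmp" -C "$(dirname "$src")" "$(basename "$src")"; then
        mv "$tmp" "$out" && printf '%s\n' "$out"
    else
        rm -f "$tmp"
        exit 1
    fi
)

# Run only when both arguments are given, as in the crontab line above.
if [ "$#" -eq 2 ]; then
    backup_dir "$1" "$2"
fi
```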
Experiment 14
Objective:
Change your system date to 1:00pm 1 March 1990

Procedure:
Use the date command to display the current date and time or set the system date / time over ssh
session. You can also run the date command from X terminal as root user.

You must login as root user to use date command.


Linux Display Current Date and Time
Just type the date command:
$ date
Sample outputs:
Mon Jan 21 01:31:40 IST 2019

Linux Set Date Command Example


Use the following syntax to set new date and time:
date --set="STRING"

For example, to set the new date to 1 March 1990 13:00:00, type the following command as root user:

# date -s "1 March 1990 13:00:00"


OR

# date --set="1 March 1990 13:00:00"

You can also simplify the format using the following syntax:

# date +%Y%m%d -s "19900301"

# date +%T -s "13:00:00"
