Professional Documents
Culture Documents
# Ls - L Secret: - 1 Root Root 0 May 31 10:59 Secret
# Ls - L Secret: - 1 Root Root 0 May 31 10:59 Secret
# Ls - L Secret: - 1 Root Root 0 May 31 10:59 Secret
A. Now just by saying ssh is not happening will not say anything about the
problem. It is like saying "I have a pain in my body" but where do you have the
pain to be precise? head ache? stomach pain? or what else? so you have to
narrow it down..
# ls -l secret
-rwx------ 1 root root 0 May 31 10:59 secret
# getfacl secret
# file: secret
# owner: root
# group: root
user::rwx
user:oamsys:rwx
group::---
mask::rwx
other::---
NOTE: For the sake of this example I have given full permission to oamsys but in
real all might not be needed so you can assign permission as required
RunAs(User:Group)
Follow below link to understand more about various syntax used with sudo with
examplesTutorial / Cheatsheet:12 practical examples for different sudo access
based scenarios in RHEL 7 / CentOS 7
Q. By default when I create a user I see that the default shell assigned
is /bin/bash and the default home directory which is assigned is under
/home.
How can I make sure that next time I user "useradd", the default
assigned shell is ksh and default home directory of user is
/export/home/<username>
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
So either you can use additional arguments with useradd to make sure your
home directory is "/export/home" or else you can modify the above file so that
without any additional argument the home directory will be "/export/home"
Q. There are many times a root user just leaves it session open which
is kind of breach of security as any session for any user (specially
root) if left idle for certain amount of time must be closed so that no
one can use it for some wrong purpose. How can this be achieved?
A. We can introduce TMOUT variable in the profile of the user which should do
the trick.
A. The very first thing to be done here is to edit the grub menu at boot stage and
make the system boot with alternative kernel (assuming the last kernel is still
installed) or else try booting the system with using the rescue option from the
grub menu.
Once the node is UP then you can analyse the issue of why the node is failing to
boot from new kernel. Many times the kernel is not properly installed and all the
libraries are not available which leads to this problem. or the GRUB can be
corrupted so you can regerate the initramfs using grub2-mkconfig
# grub2-mkconfig -o /boot/grub2/grub.cfg
If there is a kernel panic observed then boot the system with alternate kernel or
rescue and then enable kdump. Share the kdump with the support engineers as
they can then further try to debug the source of the problem
For more details on memory, virtual memory and swapping follow below
linksWhat is swappiness and how do we change its value?
What is virtual memory, paging and swap space?
Q. Every time I login to my Linux box instead of getting a login prompt
like "golinuxhub:~ #", I get a "-bash-4.2#" prompt, what could be the
possible reason?
A. There can be multiple reasons for it, by default when a bash shell is assigned
to a user a PS1 variable is also set which will make sure you get a proper login
prompt but for some reason if that does not happens then make sure the PS1
variable is properly set for your user.
The permanent value of PS1 is generally found in /etc/profile or can also be
found under /etc/bashrc, /etc/profile.d/* etc.
So look out for the same and make sure this file gets called every time user logs
in. By default when a user log in then ~/.profile is called so you can put the PS1
variable here or /etc/profile (assuming this file will be called internally via .profile
of each user)
For more information of PS1 variable follow below link10 examples to customize
or change the login prompt using PS1 variable of bash shell in Linux
How to change or customise login prompt for ksh shell in Linux (with examples)
How to customize and change color of the bash login prompt in Linux
Q. While attempting to do su (switch user) from one user to another
user I get an error message "Authentication failure" and the su fails
even when I know I am giving the correct password, what could be the
possible reason?
Follow below link to get the steps to reset the root passwordHow to reset or
change lost root password in RHEL / CentOS 7
But assuming you have root level access then you can use pam_tally2 (deprecated
in RHEL7) or faillock to see if the user is locked for some reason.
Below link shows more examples on how to find if a user is lockedHow to check
the lock status of any user account in Linux
If a user is locked due to failed attempts then we need to reset the account
# journalctl
Q. I have a service on my RHEL setup which I want to run on a specific
CPU core, is this possible? If yes how can this be done?
A. There is a variable CPUAffinity which can be used for this purpose. Use this
variable with the CPU core value with which you wish to bind your service in the
service unit file as shown below. Here my service will run always on 13th
processor
# vim /etc/systemd/system/test.service
...
[Service]
CPUAffinity=13
Type=forking
Restart=no
...
Below link contains more details on this topicHow to assign a service to a specific
core using systemd in RHEL 7 / CentOS 7
Q. I have a physical hardware with 10 CPU processors but I want to
use only 6 of them and I do not my application to see the other 4 CPU
processor, is it possible?
A. We can use "maxcpus" or "nr_cpus" for this purpose. This will help limit the
number of CPU processor which is visible to the kernel or any other application
running on the system.
Follow below link to get more details with examplesHow to limit CPU count or
disable CPUs in a multi core server in RHEL 7 / CentOS 7
Q. I have a script lgg_monitor.sh which will be continously running to
monitor some logs on my Linux server and it is expected that these log
size would be very high since it will be running for long time but my
server does not has enough space to capture and save these logs, is
there any way I can save them? I don't have any additional disk or any
other storage box which can be used.
A. We can use "nc" here and to transfer the logs runtime to a different node in
the network which has more space.
On the receving side run below command (Either netcat or nc can be used based
on your distribution)
You can use any other free port number, just make sure this port is open on the
firewall of receiving server.
With this the logs will not be written directly on the node where monitoring script
is running instead it will be sent to remote server.
Q. After my reboot my node, I observe that the system start up time is
different compared to the localtime even when my machine is
properly connected to the NTP server, why does the boot up logs in
/var/log/messages are getting generated with wrong date and time?
A. It is most likely because your BIOS date and time are wrongly set, go to your
linux server's BIOS and make sure the date and time is properly set. You should
also use ntpdate service to make sure the hwclock is updated with system clock
and both are in sync so you can avoid such discrepencies.
NOTE: If the BIOS date and time is incorrect then even ntpdate service cannot
help. It can only make sure that once ntpdate service comes up it will correct the
system log getting generated at the boot up stage in /var/log/messages
Follow below links to understand more about hwclock and NTP syncing with
hwclockHow to synchronise hardware clock (hwclock) with NTP in RHEL / CentOS
7
How to configure NTP client to sync with NTP server during system startup (boot)
in (RHEL 7 / CentOS 7) Linux
Q. I am trying to perform a hard disk replacement but when I plugin a
new disk to my linux server, I see some strange partitions and raid
devices are appearing on my machine. Why is this happening, how do
I correct this?
A. This is happening because most likely the disk you are using was in use in
some more node and still has data from the old server so it is always a good idea
to clear the existing partition table of the newly connected disk. You can use
"mdadm: and "wipefs" to do this.
Follow below link for more detailsHow to clear/delete all the partition table from
a disk or partition in Linux
Q. By default if a use "restart" with systemtl for a service for example
systemctl restart sshd, then it will restart sshd service but is it
possible to make sure that systemctl will perform restart only if the
provided service is in running state and if the target service is in non-
running state i.e. failed/stopped etc then systemctl should not attempt
to restart that service.
try-restart PATTERN...
Restart one or more units specified on the command line if the
units are running. This does nothing if units are not running.
Note that, for compatibility with Red Hat init scripts
So if the service is in not running state then the same will be untouched.
Follow below link to get know more of such commands with examplesEverything
you need to know before you start working with "systemd" in RHEL 7
Q. I am trying to perform kickstart based installation and my
installation fails with some error "Software selection (Source changed
- please verify)". Now there can many more such of errors so how do I
find out the root cause of the installation failure as after the failure
the kickstart anaconda doesnot provides me a login shell hence I am
unable to debug this further.
A. By default during kickstart based installation as soon as the anaconda starts
multiple terminals are created so if the installation fails at first terminal you can
always navigate to other terminal to get a bash prompt.
All the installation logs are store inside /tmp where you can try to debug the
cause of the installation failure.
Follow below link for more detailsHow to troubleshoot kickstart related issue for
"Software selection (Source changed - please verify) in RHEL
Q. During kickstart based installation of my RHEL 7 node I have
generating a log file at %pre stage for the scripts which were executed
but after a successful installation of the server when I go to the
location where the logs were saved, I do not find anything there? Does
that mean the log were never created? Did I user wrong syntax? How
do I check this?
A. To create a logfile for respctive %pre or %post section using --log argument
For example
%pre --log=/var/log/kickstart_pre.log
%end