Linux Unit 2
Linux Unit 2
com
Acuity Educare
LINUX SYSTEM
ADMINISTRATION
SEM : V
SEM V: UNIT 2
Q. List different types of partitions. How will you create partitions with the help of fdisk?
There are three types of partitions
1. Primary Partitions These are written directly to the master boot record of hard drive. After creating
four primary partitions, you can’t add any more partitions—even if there is still a lot ofdisk space
available. There’s space for just four partitions in the partition table.
2. Extended Partition Every hard drive can have one extended partition. You cannot create a filesystem
in an extended partition. The only thing you can do with it is to create logical partitions. You’ll use an
extended partition if more than four partitions are required on a hard drive.
3. Logical Partitions A logical partition is created inside an extended partition. You can have amaximum
of 11 logical partitions per disk, and you can create file systems on top of logical partitions.
• Once we select between primary, extended, or logical partitions, we need to provide partition type.
Partition type is an indication to the operating system what the partition is to be used for.On RHEL
servers, the following are the most common partition types:
o 83 This is the default partition type. It is used for any partition that is formatted with a Linux
file system.
o 82 This type is used to indicate that the partition is used as swap space.
o 05 This partition type is used to indicate that it is an extended partition.
o 8e Use this partition type if you want to use the partition as an LVM physical volume.
• Once the partition is created, restart your server to activate the new partition.
There are two ways to create and manage partitions on a Red Hat server.
1. Graphical Palimpsest tool, from Applications System Tools Disk Utility
2. Command-line tool, fdisk
fdisk tool:
1. To View All Existing Disk Partitions
# fdisk –l /dev/sda
10. Type m to see an overview of all commands that are available in fdisk.
Command (m for help): m
Command action d delete a partition
l list known partition typesm print this menu
n add a new partition
p print the partition table
q quit without saving changes
t change a partition's system idw write table to disk and exit
Page 1 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
• Next enter the first sector of the partition. Press Enter to accept the default value of sector.When asked
for the last sector, type +1G and press Enter
Command (m for help): nCommand action
e extended
p primary partition (1-4)p
Partition number (1-4): 3
First sector: (press enter- use default)
Last sector, +sectors or +size{K,M,G}: +1G
• Now create an extended partition. Type n again to add this new par tition. Now choose option eto indicate
that you want to add an extended partition. Partition number is not asked as it is the last partition. Next
press Enter to accept the default first and last sector. This will use the rest ofthe available disk space for
the extended partition.
Command (m for help): nCommand action
e extended
p primary partitione
Selected Partition number 4.First sector :
Last sector, +sectors or +size{K,M,G}:
• When you press n, fdisk will create a logical par tition inside extended partition as all 4partitions are
already created.
Command (m for help): nFirst sector:
Last sector, +sectors or +size{K,M,G}: +100M
If we are happy with the partitioning, type the w command to write the new partitions to disk and exit
else press q to quit without saving.
13. To activate the new partitions reboot your server or run partprobe
# partprobe /dev/sda
Step 2:
Create directories to mount the devices.
# mkdir /dir3 /dir4
Step 3:
Open /etc/fstab in vi editor using # vi /etc/fstab, and add line with the following contents.
UUID= <copy from step1> /dir3 ext4 defaults 0 0UUID= <copy from step1> /dir4
ext4 defaults 0 0
If UUID is not generated as per step 1 then write the name of device.
Step 4: Use the vi command esc:wq! to save and apply the changes to /etc/fstab.
Step 5:Use # mount -a to verify that the device is mounted from /etc/fstab. The mount -a command tries to
mount everything in /etc/fstab that hasn’t been mounted already.
• Several file systems are available on Red Hat Enterprise Linux, currently Ext4 is used as thedefault file
system.
Ext2/3
• The predecessors of the Ext4 file system. Ext2 doesn’t use a file system journal, and thereforeit is a
good choice for very small partitions (less than 100MB).
• ext3 provides all the features of ext2, and also features journaling and backward compatibility with ext2.
• The backward compatibility enables you to still run kernels that are only ext2 aware with ext3 partitions.
You can upgrade an ext2 file system to an ext3 file system without losing any of yourdata.
• ext3’s journaling feature speeds up the amount of time it takes to bring the file system back to a normal
state if it’s not been cleanly unmounted (that is, in the event of a power outage or a system crash).
• Under ext2, when a file system is uncleanly mounted, the whole file system must be checked. This takes
a long time on large file systems. ext3 keeps a record of uncommitted file transactions and applies only
those transactions when the system is brought back up.
• ext3’s journaling feature involves a small performance hit to maintain the file system transactionjournal.
Page 3 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
• Therefore, it’s recommended that you use ext3 mostly for your larger file systems, where the ext3
journaling performance hit is made up for in time saved by not having to run fsck on ahuge ext2
file system.
Ext4
• The default file system on RHEL. It is a general-purpose file system. Ext4 uses file system journaling
feature. The file system journal works as a transaction log in which the file system keeps records of files
that are open for modification at any given time.
• The benefit of using a file system journal is that, if the server crashes, it can check to see what files were
open at the time of the crash and find the damaged files
• The drawback of using a journal is that it takes up disk space. For example, an average of 50MB normally
on Ext4. That means it’s not a good idea to create a journal on very small file systems because it might
leave insufficient space to hold your files.
XFS
• Provides good performance for very large file systems and very large files.
Btrfs
• Btrfs is the next generation of Linux file system. It is based onB-tree database, which makes thefile
system faster. It also has features like Copy on Write, which makes it very easy to revert toa previous
version of a file. This file system is easy to grow and shrink. Btrfs is currently available as a tech preview
version only, which means that it is not supported and not yet readyfor production.
VFAT and MS-DOS
• Sometimes it ’s useful to put files on a USB drive to exchange them among Windows users.This is the
purpose of the VFAT and MS-DOS file systems.
GFS
• GFS is Red Hat ’s Global File System. It is designed for use in high availability clusters wheremultiple
nodes need to be able to write to the same file system simultaneously.
Q. Give steps to Create File System on partitions. List Steps to format a partition with the Ext4
file system.
# fdisk –l /dev/sda
All partitions those have type 83 (i.e linux partition) can be used to create file system.
• If this command fails means partition is not yet formatted with file system and there is nothingon this
partition.
• If the command succeeds, check that there are no files you want to keep on the partition byverifying the
contents of the /mnt directory.
c. Verify that the label is set. It is listed as the file system volume name on the first line of thedumpe2fs
output.
# dumpe2fs /dev/sda3 | less
d. mount /dev/sda3 using label on /mnt directory
# mount label=mylabel /mnt
3. Check file system integrity
• The integrity of your file systems is checked at boot, but we can use fsck command to checkintegrity.
# fsck #fsck –p
Where, p option attempts to perform an automatic repair, without prompting.
Q. Explain /etc/fstab configuration file with an example.
• To specify how the mounts should be performed, six different columns are used:
1. The name of the device to be mounted.
2. The directory where this device should be mounted.
3. The file system that should be used to mount the device.
4. Specific mount options: use defaults if you want to perform the mount without any specific
options.
5. Dump support: use 1 if you want the dump backup utility to be able to make a backup ofthis device,
and use 0 if you don’t.
6. fsck support: use 0 if you don’t want this file system to be checked automatically while booting.
Use 1 to ensure that it is checked before anything else takes place. Use 1 for theroot file system. Use
2 for all other file systems.
Step 1:
Open a root shell, and use the # blkid command to find the UUID of the /dev/sda3 device.
Step 2:
Create a directory /dir1 to mount the device.
Page 6 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
# mkdir /dir1
Step 3:
Open /etc/fstab in vi editor using # vi /etc/fstab, and add a line with the following contents.
UUID= <copy from step1> /dir1 ext4 defaults 0 0
Step 4: Use the vi command esc:wq! to save and apply the changes to /etc/fstab.
Step 5:Use # mount -a to verify that the device is mounted from /etc/fstab. The mount -a commandtries to
mount everything in /etc/fstab that hasn’t been mounted already
• LVM stands for Logical Volume Management. It is a system of managing logical volumes, or
filesystems
• If storage configuration is not going to change in future then we can use partitions instead ofLVM.
The benefit of using partition is that it is easier to create and manage partitions.
• If storage configuration is going to change like system logs can grow /var partition can be full,
increasing a partition size without LVM is very difficult. We need another disk drive, create a
/var mount point on that disk then copy all our data from the old /var to the new /var disk
location.
• With LVM, we can add another disk, create a physical volume, and then add the physicalvolume
to the volume group that contains the /var partition. Then we can use the LVM file
system resizing tool to increase the file system size to match the new partition size.
Advantages of LVM:
• LVM makes resizing of volumes possible.
• In LVM, you can work with snapshots, which are useful in making a reliable backup.
• In LVM, you can easily replace failing storage devices.
Page 7 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
• lvcreate command requires volume group to use and size of the logical volume.
• To specify the size, you can use -L to specify the size in kilo, mega, giga, tera, exa, or petabytes or -l to
specify the size in extents. The extent is the basic building block of the LVM logical volume, and it typically
has a size of 4MB or use -l 100%FREE, which uses all available extents in the volume group.
The three common scenarios for resizing a logical volume are as follows:
1. Extending a logical volume if there are still unallocated extents in the volume group.
2. Extending a logical volume if there are no longer any unallocated extents in the volumegroup.
Here, extend the volume group first.
3. Shrinking a logical volume.
1. Extending a logical volume if there are still unallocated extents in the volume group.
• Assumtion: There is unallocated space available in the volume group.
• You have to grow the logical volume and extend the Ext file system.
c. Extend the file system on the logical volume to the current size of the logical volume.
# resize2fs /dev/volg/lv
2. Extending a logical volume if there are no longer any unallocated extents in the volumegroup.
Here, extend the volume group first.
• If you want to extend a logical volume and you don’t have unallocated extents in the volumegroup, you
first need to create a physical volume and add that to the volume group.
a. Use the vgs command to confirm that VFree indicates that no unallocated disk space isavailable.
# vgs
Page 9 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
b. Create a logical par tition called /dev/sdb7 that has a size of 100MB and set partition type to 8e.Write
the changes to disk and reboot your server or partprobe.
# fdisk /dev/sda
Page 10 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
1. Use vgs to get an overview of current available disk space in your volume groups.
# vgs
2. Mount the logical volume on the /mnt directory and Copy some files to the /mnt directory i.elogical
volume.
# mount /dev/volg/lv /mnt# cp /etc/* /mnt
5. create a temporary mounting point for the snapshot and check its contents
# mkdir /snapmount
# mount /dev/volg/snap /snapmount
#cd /snapmount# ls
6. remove all files from /mnt directory ( i.e logical volume contents are removed)
# rm -rf /mnt/ *
Page 11 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
7. Merge of the snapshot back into the original volume at the next volume activation.
# lvconvert --merge /dev/volg/snap
8. Unmount the original volume and deactivate then activate the original volume, which is arequired step
in merging the snapshot back into the original volume.
We don’t need to remove snapshot. By converting it to original volume, it is automaticallyremoved.
• Unmount the snapshot using, as it will no longer be available after deactivation and activationof
original volume.
# umount /snapmount
# umount /mnt.
# lvchange -a n /dev/volg/lv; lvchange -a y /dev/volg/lv
• Sometimes we may get errors in syslog relating to a device that you’re using in LVM. If thathappens, you
can move all physical extents from the failing device to another device in thesame volume group.
Step 2: Use vgreduce command to remove the physical volume from the volume group.
#vgreduce volg /dev/sda3
Page 12 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
• In many cases, it’s enough to allocate just 1GB of swap space, but sometimes server is out ofmemory.
There are some scenarios in which we need more swap space.
• For example:
1. If you install RHEL Server on a laptop, we need RAM + 1GB to be able to close the lid of thelaptop to
suspend it.
2. If you install an application that has specific requirement for swap space, like Oracledatabases and
SAP Netweaver applications.
Step 4: Create a line in /etc/fstab to activate the swap space automatically the next time you rebootyour
server.
• Open /etc/fstab with an editor, and put in the following line
/swapfile swap swap defaults 0 0
Page 13 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
# partprobe
Step 2: Use mkswap to format the swap device.
# mkswap /dev/sda3
Step 4: Create a line in /etc/fstab to activate the swap space automatically the next time you rebootyour
server.
• Open /etc/fstab with an editor, and put in the following line
/dev/sda3 swap swap defaults 0 0
Or
• Find UUID with following command
# blkid /dev/sda3
• Open /etc/fstab with an editor, and put in the following line
UUID=<Universal Unique Identifier> swap swap defaults 0 0
• Normally, files on servers are protected from unauthorized access to them remotely but if someone
gets physical access then skilled person can easily gain access to all data. Hence,encrypted drives can be
used to keep data secure.
• We can use LUKS (Linux Unified Key Setup) to create an encrypted volume.
1. Create the device you want to encrypt. This can be an LVM logical volume or a partition.
# fdisk /dev/sda
# partprobe
2. Format the device as an encrypted device.
# cryptsetup luksFormat /dev/sda3Are you sure: YES
Enter LUKS Paraphrase: <password>
Open the device and assign a name to this encrypted device. This name occurs in the
/dev/mapper directory, because this entire procedure is managed by Device Mapper.
# cryptsetup luksOpen /dev/sda3 confidential
4. Create a file system on the device
# mkfs.ext4 /dev/mapper/confidential
6. After using the encrypted device, unmount and close the device. Once closed all contents onthe device
are locked.
#umount /mnt
# cryptsetup luksClose confidential
Q . Explain different init Levels &explain the purpose of inittab file What is runlevel? List
various runlevels. Explain them.
Runlevels:
• The runlevel defines the state in which the server boots.
• Every runlevel is referenced by number. Common runlevels are runlevel 3 and runlevel 5.
• Runlevel 3 is used to start services for a server that starts without a graphical user interface,and
runlevel 5 with a graphical interface.
• In each runlevel, service scripts are started. These service scripts are installed in the /etc/init.d directory
and managed with the service command.
• A service script doesn’t contain any variable parameters. All variable parameters are read while the
service script starts, either from its configuration file in the /etc directory or from a configuration file
that it uses, which is stored in the /etc/sysconfig directory.
Page 15 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
• There are typically 8 runlevels on Linux system, but Fedora core or Redhat Entreprise Linux(RHEL)
systems uses 7 runlevels.
0 – Halt
1 – Single-User Mode.
2 – Not Used (User definable)
3 – Full Multiuser Mode (without GUI)4 – Not Used (User definable)
5 – Full Multiuser Mode (with GUI)6 – Reboot
• The /etc/inittab file controls the default runlevel for the system to use when it boots. We can change
the runlevel for our system by making following changes. Look for, Id:5:default in
/etc/inittab file. The number 5 in the line means that the system will boot into runlevel 5.
• If we want to boot the system in runlevel 3 then just change number 5 to number 3 so line looks like:
Id:3:default
The default runlevel for fedora core and RHEL is runlevel 5 which provides full multiuser environment and
starts the x-window system to give user graphical environment
• Runlevel 3 provides full multiuser system without graphical environment for the user.
• Runlevel 2 and 4 are not used in Fedora core and RHEL systems. These runlevels are there sothat the
user can use them to configure as desired. By doing this, we can make our own custom runlevel.
• Runlevel 1 lets us enter single-user mode. This is useful for troubleshooting or running diagnostics on
the system. But it is not usually set as the default runlevel in /etc/inittab file. If wehave problem with
the system, we can enter runlevel 1.
Q. How can rc scripts be managed using chkconfig? List and explain commands to enable the
services.
Page 16 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
Enabling a Service
• To enable a service in runlevels 2, 3, 4, and 5, type the following at a shell prompt as rootuser:
• chkconfig service_name on
• For example, to enable the bluetooth service in these four runlevels, type:
• # chkconfig bluetooth on
• To enable a service in certain runlevels only, add the --level option followed by numbers from 0to 6
representing each runlevel in which you want the service to run:
• chkconfig service_name on --level runlevels
• For instance, to enable the bluetooth service in runlevels 3 and 5, type:
• # chkconfig bluetooth on --level 35
Disabling a Service
• To disable a service in runlevels 2, 3, 4, and 5, type the following at a shell prompt as root:
• # chkconfig service_name off
• For instance, to disable the bluetooth service in these four runlevels, type:
# chkconfig bluetooth off
• To disable a service in certain runlevels only, add the --level option followed by numbers from 0to 6
representing each runlevel in which you do not want the service to run:
• #chkconfig service_name off --level runlevels
• For instance, to disable the bluetooth in runlevels 2 and 4, type:
• # chkconfig bluetooth off --level 24
• With chkconfig command, the service will be started or stopped the next time you enter one of these
runlevels. If you need to start or stop the service immediately, Red Hat/Fedora also havea useful script
called service which can be used to start or stop any service for the current session. For example, to
start Apache web server using the service script, the command is as follows -
# service httpd start
and to stop the service...
# service httpd stop
Type # service httpd status, this should tell you that the httpd service is currently stopped
Q. List Network Manager Configuration Files and explain any one in detail.
Page 17 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
Page 18 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
Q. Give different commands to Configure Network from the Command Line. Explain ip
command with an example.
The classic tool for manual network confi guration and monitoring is ifconfig
• ifconfig is used for manual network configuration and monitoring.
• This command conveniently provides an overview of the current configuration of all networkcards.
• ifconfig is no longer used for network configuration. the ip is the default tool for manual networkconfi
guration and monitoring.
• ip command is difficult to use. This is because the ip command works with subcommands, known as
objects in the help for the command. Using these objects makesthe ip command veryversatile but
complex.
Syntax:
Page 19 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
Page 20 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
Checking Routing
1. Use ip route show to display your current routing config.
2. If you have a default router set, verify that there is no local firewall blocking access. To do this,use
iptables -L as root.
3. Service iptables stop then Service iptables start
4. If you don’t have a firewall issue, there might be something wrong between your default gateway and
the host on the Internet you’re trying to reach. Use traceroute, followed by the IP address of the target
host.
Checking DNS
• The third usual suspect in network communications errors is DNS.
1. check DNS configuration with dig command# dig www.redhat.com
connection timed out; no servers could be reached
2. If error comes as no DNS server could be reached, the error is probably in the local DNS configuration.
This means you have to check the/etc/resolv.conf file, which contains a list ofDNS servers to be
contacted.
# cat /etc/resolv.conf search example.com nameserver 192.168.0.70
nameserver 8.8.8.8
Q. Explain the purpose of /etc/passwd and /etc/shadow file. List and explain Configuration
Files for user management.
• /etc/passwd
• This file constains all information regarding the user. Only superuser can change this file, toother users
this file is read-only.
• Each line of the file contains information about one user, which is separated by colon (:)
• Syntax:
username:password:uid:gid:gecos:directory:shell
• In all linux system the actual password is stored in /etc/shadow, indicated by an x in the password field
in /etc/passwd. Because /etc/passwd is readable by all users, storing even encrypted passwords in it
makes password guessing easier.
• /etc/shadow is more secure because it is readable only by programs that run with root privileges, such
as login and passwd.
Page 21 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
• if manual changes are made to file, you should check integrity with pwck command.
• Make sure to use the vipw command to edit the /etc/passwd and /etc/shadow files in order toprevent
locking issues if other users or commands are editing the files at the same time.
• /etc/ shadow
• The encrypted user passwords are stored in /etc/shadow. Information relating to passwordexpiry
is also kept in this file.
• It Improves system security by keeping the encrypted passwords in /etc/shadow, which is
readable only by root.
• Keeps all information about password aging.
• /etc/ login.defs
• /etc/login.defs is a configuration file that relates to the user environment but is used completelyin the
background.
• Some generic settings are defined in this configuration file.
• In login.defs, you’ll find variables. These variables specify the default values used when usersare
created.
CREATE_HOME yes UMASK 022 USERGROUPS_ENAB yes
ENCRYPT_METHOD SHA512
Q. Explain how system administrator can create, modify and delete user accounts. List and
explain commands for user management.
Page 22 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
Following are the commands for adding, modifying, and deleting user accounts.
• useradd — Create user login accounts
• userdel — Delete user login accounts
• usermod — Modify user login accounts
• passwd — Set or change account passwords
useradd
The useradd command creates new user accounts and, when invoked with the -D option, modifiesthe
default values applied to new accounts.
Syntax 1:
useradd [-p passwd] [-u uid [-o]] [-g initial] [-G group[,...]][-c comment] [-d dir [–m]] ] [-sshell][-e
date] [-f time] username
Page 23 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
Syntax 2:
useradd -D [-g group] [-b(base)home_dir] [-f inactive_time] [-e expire_date] [-s shell]
• To view the current default values, invoke useradd with -D and no other arguments. Thefollowing short
listing shows the defaults on a stock Red Hat Linux installation:
# useradd -DGROUP=100
HOME=/home INACTIVE=-1 EXPIRE=
SHELL=/bin/bash
Example:
# useradd –D –s /bin/ksh
Passwd
• To access the system, a user needs a password. your newly created userscan’t do anything onthe server
if they don’t have password.
• To enable these users, assign passwords using the passwdcommand.
• A user can use it to change his password. The passwd command will first prompt for the oldpassword
and then for the newone.
• The user root can use the passwd command in three generic ways.
• First, you can use it for password maintenance, for example: to change a password
• Second, it can be used to set password expiry information, which dictates that a password willexpire at
a particulardate.
• Next, the passwd command can be used for account maintenance. For example,an
administrator can use passwd to lock an account so that login is disabled temporarily.
passwd [-l] [-u [-f]] [-d] [-S] [username]
-l Enables an administrator to lock an account. For example, passwd -l lucy will lockthe account foruser
lucy.
-u Unlocks an account that has been locked before.
-S Reports the status of the password for a given account.
-e Forces the user to change their password on next login.
usernameindicates the user account on which to operate. If not specified,passwd operates on thecurrent
user’s account.
Usermod
• The usermod command modifies the given user’s account in various ways such as changing ahome
directory.
Syntax:
usermod [options] username
usermod [-p passwd] [-u uid [-o]] [-g group] [-G group[,...]] [-c comment] [-d dir [-m]] [-sshell][-e
date] [-f inactive] [-l new_username] [-L|-U] username
example:
usermod –d /home/homejaya jaya
At least one option must be specified, but -p, -U, and -L may not be used together in anycombination.
Userdel
• The userdel command deletes a user account and, optionally, related files.
You cannot delete the account of a logged in user, so userdel fails if username is logged in.
Its syntax is:
userdel [-r][f] username
where,
username identifies the user account to delete.
-r deletes the corresponding home directory and mail spool. Without -r, userdel removes only theaccount
references in the user and group database files.
-f If there are files that are not owned by user in his home directory, userdel can’t remove it. If thisis the
case, add the option –f.
Q. Which command is used to change the expiration policy for user’s password? Explain with
suitable example.
# chage [-d lastpwchangedate] [-m mindays] [-M maxdays] [-W warndays][-Iinactive] [-E expirydate]
username
Step 3: Set Password Expiry Date for an user using chage option -MSyntax: # chage -M number-of-days
username
# chage -M 10 testuser
# chage --list testuser
Maximum number of days between password change 10
Step 6: Set the password expiry warning message days (By default, this value is set to 7.)
# chage –W 10 testuser
groupname:password:gid:userlist
o groupnameis the name of the group
o passwordis an optional field containing the encrypted group password
o gidis the numeric group ID number
o userlistis a comma-separated list of the user account names that comprise the group
o If x appears in the password field, nonmembers of the group cannot join it using the newgrp
command.
admins:x:507:repo,heera,lopo
groupname is admins; password is empty, meaning no group password has been set; gid is
503;and userlist is repo,heera,lopo.
• /etc/gshadow
• The /etc/gshadow file is readable only by the root user and contains an encrypted password for
each group, as well as group membership and administrator information.
Page 26 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
• Just as in the /etc/group file, each group's information is on a separate line. Each of these linesis
a colon delimited list including the following information:
o Group name — The name of the group.
o Encrypted password — The encrypted password for the group. If set, non-members of the
group can join the group by typing the password for that group using the newgrp command.
If the value of this field is !, then no user is allowed to access the group usingthe newgrp command.
o Group administrators — Group members listed here (in a comma delimited list) can add or
remove group members using the gpasswd command.
Group members — Group members listed here (in a comma delimited list) are regular,non-administrative
members of the group
Q. List and explain commands for Group management. Explain with example how to create
new group?
• There are three commands to manage the groups in your environment: groupadd, groupdel,and
groupmod.
1. groupadd
• To create a new group, use the groupadd command.
• Its syntax is:
groupadd [[-g gid [-o]] [-r] [-f] groupname
• groupnameis the only required argument and must be the name of a non-existent group. Wheninvoked
with only the name of the new group, groupadd creates the group and assigns it the first unused GID
that is both greater than 500 and not already in use.
• -g -gid option if you want to specify the new group’s GID, replacing gid with a unique GID (usethe -o
option to force groupadd to accept a nonunique GID).
• For example:The following command creates a new group named admins:# groupadd admins
Here is the resulting entry created in /etc/group:
admins:x:507:
2. groupdel
• The groupdel command modifies the system account files and deletes all entries that referto GROUP.
• syntax:
groupdel [options] GROUP
• options
• -h: Display help message and exit.
• -R: Apply changes in the CHROOT_DIR directory and use the configuration files fromthe CHROOT_DIR
directory.
Page 27 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
Example:
# groupdel mygroup
3. groupmod
• Modify a group definition on the system.
• Syntax:
groupmod [options] GROUP
• OPTIONS
• -g: The group ID of the given GROUP will be changed to GID. The value of GID must be a non-negative
decimal integer. This value must be unique, unless the -o option is used.
• -h: Display help message and exit.
• -n: The name of the group will be changed from GROUP to NEW_GROUPname.
• -o: When used with the -g option, allows to change the group GID to a non-unique value.
• -p: The encrypted password
• -R: Apply changes in the CHROOT_DIR directory and use the configuration files fromthe CHROOT_DIR
directory.
• For example:
• To change groupid of group:
# groupmod -g 777 oldgroup
• The local user database in /etc/passwd and /etc/shadow is used in a default installation ofRed Hat
Enterprise Linux.
• In a corporate environment, an external source of authentication is used, such as an LDAP directory
server or an Active Directory servicethat is offered by Windows servers on thenetwork.
• To configure our server to use thesesources, we can use the system-config-authentication tool or
authconfig.
Page 28 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
2. On the Advanced Options tab, you can enable advanced authentication methods, such as theuse of a
fingerprint Reader
Page 29 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
1. Start system-config-authentication, and on the Identity & Authentication tab, select LDAP. Thisopens a
window in which you can enter all the parameters that are required to connect to an LDAP server.
2. In the User Account Configuration section, enter the LDAP search base DN. eg
dc=example,dc=com.
3. In the LDAP Server field, enter the IP address eg. 127.0.0.1.
4. Select TLS, and click Download CA Certificate. This opens a browser that allows you to specifythe URL
from where the TLS certificate can be downloaded. Skip this task.
5. Under Authentication Method, make sure that Kerberos password is selected. Enter the namesof the
realm, the KDC, and the admin servers you want to use. We can use default settings.
6. Click Save to apply the settings. The system-config-authentication tool is closed and sssd
service is started.
Page 30 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
After setting the connection parameters, click Join Domain to join your Red Hat serverto thedomain, provide
administrator password.
When a user authenticates to our server, the local user database files/etc/passwd and
/etc/shadow is used on a default configuration.
• If wev have used external authentication source sssd, PAM and /etc/nsswitch.conf are used.
a. sssd
• The sssd service provides information about all available authentication sources, and it is alsocapable of
providing offline authentication.
• This means that if you’re on a laptop that is temporarily disconnected from the network, you canstill
authenticate against the external authentication service using the sssd cache.
• The sssd configuration file is /etc/sssd/sssd.conf.
For example: LDAP authentication information written to sssd, when LDAP is configuredid_provider = ldap
ldap_search_base = dc=example,dc=comldap_uri= ldap://127.0.0.1/ ldap_tls_cacertdir =
/etc/openldap/cacertsauth_provider = krb5
krb5_realm = EXAMPLE.COM krb5_kdcip = kerberos.example.com krb5_server = kerberos.example.com
.
.
.
b. nsswitch
The /etc/nsswitch file is used to provide configuration information for different services on acomputer.
For example: /etc/nsswitch.conf filepasswd: files sssd
shadow: files sssdgroup: files sssd hosts: files dns ethers: files netmasks: files networks: files protocols:
files rpc: files
services: files
Configuring PAM
/etc/securetty file isused by the PAM configuration file for login.
The /etc/securettyfile defines the terminals on which it is secure for user root to log in.
1. Open a root shell. Using vi, modify the /etc/securetty file in this root shell and remove the linethat
contains the text tty4.
2. Use the Ctrl+Alt+F4 key sequence to open tty4. Log in as root. You’ll notice this doesn’t work.
3. Open the /etc/pam.d/login file and see that it uses /etc/securetty.
4. Open tty4 again, and now log in as other user and use su - to get to root permissions. You’llnotice that
this works.
5. Open the /etc/pam.d/su file, and add the following on the first line:
Page 31 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
a. chown
• If you want to use the chown command, use a :in front of the group name.
• For example:
• # chown :account /home/account
• This command will change the group owner of directory /home/account to the group account.
b. chgrp
• You can also use the chgrp command for the same purpose.
• # chgrp account /home/account
• Set group ownership for the directory /home/account to the group account.
You can use the option -R with chgrp to change group ownership recursively.
Q. What are file and directory permissions? How to change permissions. Explain chmod
command.
The three basic permissions allow you to read, write, and execute.The effect of these permissions is
different for files and directories.
Files
• The readpermissiongives you the right to open the fi le for reading.
Page 32 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
• For example, if we want to set read, write, execute for the user, read and execute for the group,and
read and execute for others on the file /somefile, we would use the chmod command
• # chmod 755 /somefile.
• When using chmod this way, all current permissions are replaced by the permissions you set.
• If we want to modify permissions relative to the current permissions, we can use chmod in relative mode.
• When using chmod in relative mode, you work with three indicators to specify what you want to do. First
you’ll specify for whom you want to change permissions. To do this, you can choose between user (u),
group (g), and others (o).
• Next you use an operator to add or remove permissions from the current mode or set them inan
absolute way.
• At the end, you use r, w, and x to specify the permissions you want to set.
• When changing permissions in relative mode, you may omit the “to whom” part to add or remove a
permission for all entities.
Page 33 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
For example, # chmod +x somefile would add the execute permission for all users.
• When working in relative mode, you may use more complex commands as well.
• For example: #chmod g+w,o-rsomefile
• This command add the write permission to the group and remove read for others.
• To apply SUID, SGID, and sticky bit, you can use the chmod command.
• SUID has numerical value of 4, SGID has numerical value of 2, and sticky bit has numericalvalue of 1.
• If wewant to apply these permissions, we need to add a four-digit argument to chmod.
• For example: a user needs to change their password. To do this, the user needs to write the new
password to the /etc/shadow file. But this file is not writable for users who don’t have rootpermissions.
• The SUID permission is applied by default to /usr/bin/passwd.
Page 34 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
• This means that when changing a password, the usertemporarily has root permissions, whichallow the
user to write to the /etc/shadow file.
• SUID can be set in two ways
1) Symbolic way (s, Stands for Set)
Numerical/octal way (4)
Symbolic way:
• chmod u+s file1.txt
• Here owner permission execute bit is set to SUID with +s
Numerical way:
• chmod 4750 file1.txt
• Here in 4750, four indicates SUID bit set, seven for full permissions for owner, five for read andexecute
permissions for group, and no permissions for others.
Numerical way:
• chmod 2750 file1.txt
• Here in 2750, 2 indicates SGID bit’set, 7 for full permissions for owner, 5 for read andexecute
permissions for group, and no permissions for others.
Page 35 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
sticky bit:
• Sticky bit permission is used to protect files against accidental deletion in an environment where
multiple users have write permissions in the same directory. For this reason, it is appliedas a default
permission to the /tmp directory, and it can be useful on shared group directories as well.
Without sticky bit, if a user can create files in a directory, the user can also delete files from thatdirectory. In
a shared group environment, this can be a problem
• When applying sticky bit, a user can delete files only if either of the following is true:
• The user is owner of the file
• The user is owner of the directory where the file exists
Symbolic way:
• chmod o+t /myfolder/
• or
• chmod +t /myfolder
• Setting Sticky Bit(+t) to folder by using chmod command.
Numerical way:
• chmod 1757 /myfolder/
• Here in 1757, 1 indicates Sticky Bit set, 7 for full permissions for owner, 5 for read and execute
permissions for group, and full permissions for others.
Note: Capital alphabel S, T means file/folder does not have executable permissions.
• Advanced permissionsdon’t allow us to give permissions to more than one user or one groupon the
same file. This feature is given by access control lists (ACLs).
• Drawback of ACL is all utilities doesn’t support it
Page 36 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
• There are two ways to add file system support for permissions. First, if you’re using the Ext4 file
system, ACL support is added to all file systems that were created while installing the system.
• You can verify this is the case by using the dumpe2fs utility on the device you want to check.
• For example, use dumpe2fs /dev/sda1 to check to see whether ACLs are supported on the filesystem
on the device /dev/sda1.
• The Default mount options line shows the current default mount options for your file system.
• If your file system doesn’t offer support for permissions, you can use tune2fs to add support toit, or you
can use acl as a mount option in fstab to activate it on every mount. To add acl support by using
tune2fs, use the command tune2fs -o acl,user_xattr /dev/yourdevice.
Another option is to put the ACL option in fstab so that it is activated every time your systemreboots. Just
make sure that in /etc/fstab, the fourth column reads acl,user_xattr.
Changing and Viewing ACL Settings with setfacl and getfacl
• To set ACLs, you need to use the setfacl command. To see your current ACL settings, youneed to use
getfacl.
Changing group ACLs using setfacl [root@hnl /]# setfacl -m g:sales:rx /data[root@hnl /]# getfacl /data
getfacl: Removing leading ‘/’ from absolute path names# file: data
# owner: root
# group: root
user::rwx
group::r-x
group:sales:r-
xmask::r-x
other::r-x
Page 37 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
There are two ways to change the umask setting: one for all users and one for individual users.
If we want to set umask for all users, we must make sure the umask setting is entered in theconfiguration
file /etc/profile.
Next, Enter umask setting in profile, which is created in the home directory of an individualuser. Settings
applied in this file are for the individual user only
A This attribute ensures that the file access time of the file is not modified. Normally,every time afile is
opened, the file access time is written to the file’s metadata. This affectsperformance in a negative way.
Therefore, on files that are accessed on a regular basis, theA attribute is used to disable this feature.
a This attribute allows a file to be added to but not to be removed. File gets open in append modeonly.
c If you are using a file system where volume-level compression is supported, this fileattribute makes
sure that the file is compressed the first time that the compression enginebecomes active.D This
attribute makes sure that changes to files are written to disk immediately and notto cache first. This is a
useful attribute on important database files to make sure they don’tget lost betweenfile cache and hard
disk.
d This attribute makes sure the file is not backed up in backups where the dump utility isused. IThis
attribute enables indexing for the directory where it is enabled. It allows faster fileaccess forprimitive
file systems.
Page 38 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
I This attribute makes the file immutable. This means that no changes can be made to thefile,which is
useful for files that need a bit of extra protection.
j This attribute ensures that, on an ext3 file system, the file is first written to the journaland onlyafter
that to the data blocks on the hard drive.
s This attribute overwrites the blocks where the file was stored with zeros after the file hasbeen
deleted. It makes sure that recovery of the file is not possible after it has been deleted.
u When a file has ‘u’ attribute is deleted, its data are saved. This enables the user to ask for itsundeletion.
Operator
Step 1: Create a folder demo and file abc.txt and verify attributes using ls command# ls -l
drwxr-xr-x. 2 root root 6 Aug 31 18:02 demo
-rwxrwxrwx. 1 root root 0 Aug 31 17:42 abc.txt
Step 2: Set immutable bit on the files with +iflags to prevent anyone from deleting a file, even aroot
user don’t have permission to delete it.
# chattr
+idemo/#
chattr +iabc.txt
Step 4: Now, try to delete forcefully, rename or change the permissions, but it won’t allowed says
“Operation not permitted“.
# rm -rf demo/
Page 39 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622
TRAINING -> CERTIFICATION -> PLACEMENT BSC IT : SEM - V : LINUX – U2
Step 1: reset (unset attribute) permissions and allows to make a files changeable or alterableusing -
iflag.
Step 2: After resetting permissions, verify the immutable status of files using ‘lsattr‘ command.
# lsattr
---------------- ./demo
---------------- ./abc.txt
Page 40 of 40
YouTube - Abhay More | Telegram - abhay_more
607A, 6th floor, Ecstasy business park, city of joy, JSD road, mulund (W) | 8591065589/022-25600622