Redhat Linux server administration industrial training report.
A
Practical Training Report
On
Linux Server Administration
Submitted in partial fulfilment for the award of degree of
BACHELOR OF TECHNOLOGY
In
Computer Science & Engineering
Submitted To:
Ms. Pooja Sharma
Submitted By:
Alok Gupta
(17EGJCS012)
Department of Computer Science & Engineering
GLOBAL INSTITUTE OF TECHNOLOGY
JAIPUR (RAJASTHAN)-302022
SESSION: 2019-2020
ACKNOWLEDGEMENT
The internship opportunity I had with Grass Solution Pvt. Limited was a great chance for
learning and professional development. Therefore, I consider myself as a very lucky
individual as I was provided with an opportunity to be a part of it. I am also grateful for
having a chance to meet so many wonderful people and professionals who led me through this
internship period.
Bearing in mind previous I am using this opportunity to express my deepest gratitude and
special thanks to the MD of Grass Solution Pvt. Limited who in spite of being
extraordinarily busy with her/his duties, took time out to hear, guide and keep me on the
correct path and allowing me to carry out my project at their esteemed organization and
extending during the training.
I express my deepest thanks for taking part in useful decision & giving necessary advices and
guidance and arranged all facilities to make life easier. I choose this moment to acknowledge
his/her contribution gratefully.
It is my radiant sentiment to place on record my best regards, deepest sense of gratitude to
Mr. Yadvendra, for their careful and precious guidance, which were extremely valuable for
my study both theoretically and practically.
I perceive this opportunity as a big milestone in my career development. I will strive to use
gained skills and knowledge in the best possible way, and I will continue to work on their
improvement, in order to attain desired career objectives. Hope to continue cooperation with
all of you in the future,
Sincerely,
Alok Gupta
Global Institute of Technology, Jaipur
Date:
ABSTRACT
Linux Server Administration is important to ensure the proper working of the servers that provide
services to clients. There is a relationship between server and client. The purpose of the server
is to fulfil the requests made by the client. When a server has a lot of clients to handle,
it needs to be administered by qualified personnel or an authorized operator. For example,
suppose there are 30,000 hits per minute to a server and those hits request different types
of services from the server. Red Hat is a commercial Linux distributor. Its products are Red Hat
Enterprise Linux (RHEL) and Fedora, which are freely available. RHEL is well tested before
release and supported till seven years after the release, whereas Fedora provides faster update
Often clients and servers communicate over a computer network on separate hardware, but
both client and server may reside in the same system. A server host runs one or more server
programs which share their resources with clients. A client does not share any of its resources,
but requests a server's content or service function.
The server then has to determine the number of requests and fulfil all of them in time
without any error or breakdown. Another case is a server going down because of an increasing
number of hits. Qualified personnel must then investigate the defects and bring
all the downed servers back online. Linux Server Administration is therefore concerned
with the management and deployment of Linux servers.
LIST OF CONTENTS
CHAPTER TITLE
1. INTRODUCTION OF LINUX
1.1 WHAT IS LINUX
1.2 STRUCTURE OF LINUX OS
1.3 FEATURES OF LINUX
1.4 WHY WE SHOULD USE LINUX
1.5 LINUX VS UNIX
1.6 LINUX DISTRIBUTION
1.7 WINDOWS VS LINUX FILE SYSTEM
1.8 TYPES OF FILES
1.9 USER IN LINUX
2. INTRODUCTION TO RHCSA
2.1 INTRODUCTION
2.2 INSTALLING THE RED HAT ENTERPRISE LINUX 7.2
2.3 CONFIGURING THE SYSTEM
2.4 BOOT PROCESS
2.5 DIRECTORY STRUCTURE
2.6 BASIC COMMAND
3. MANAGING USERS AND GROUPS AND FILE PERMISSIONS
3.1 ADDING USER ACCOUNT
3.2 LINUX FILE PERMISSION
4. TO CREATE DISK PARTITION IN LINUX
4.1 HOW TO CREATE DISK PARTITION IN LINUX
4.2 SAVE NEW PARTITION TABLE
4.3 MOUNT/UNMOUNT PARTITION
4.4 MOUNT DISK ON STARTUP
5. PACKAGE MANAGEMENT
5.1 WHAT IS YUM
5.2 COMMANDS
5.3 SET UP YUM REPOSITORY
6. INTRODUCTION TO RHCE
6.1 NEED OF SERVER
6.2 A CLIENT SERVER RELATIONSHIP
6.3 COMPONENTS OF SERVER
7. WEB SERVER DESCRIPTION
7.1 HTTPD
7.2 FTP
7.3 NFS
7.4 NIS
7.5 NTP
7.6 SAMBA
7.7 SSH
7.8 TELNET
7.9 THE MAIL SERVER
CONCLUSION
REFERENCES
LIST OF FIGURES
FIGURES TITLE
Figure 1.1 FILE SYSTEM
Figure 2.2 INSTALLING REDHAT ENTERPRISE LINUX 7.2
Figure 2.3 SOFTWARE & HARDWARE REQUIREMENTS
Figure 2.5 DIRECTORY STRUCTURE
Figure 3.2 FILE PERMISSION
Figure 6.2 A CLIENT-SERVER RELATIONSHIP
Figure 6.3 A LOOK OF A SERVER
Figure 7.1 THE APACHE WEB SERVER
Figure 7.2 THE ACTIVE & PASSIVE FTP WEB SERVER
Figure 7.3 THE NFS WEB SERVER
Figure 7.4 THE NTP WEB SERVER
Figure 7.5 THE SAMBA SERVER
Figure 7.6 THE SSH SERVER
Figure 7.7 THE TELNET SERVER
Figure 7.8 THE MAIL SERVER
Chapter 1
Introduction to Linux
1.1 What is Linux
Linux is an operating system or a kernel, which germinated as an idea in the mind of young
and bright Linus Torvalds when he was a computer science student. He used to work on
the UNIX OS and thought that it needed improvements.
1.2 Structure of Linux OS
1.2.1 Kernel
The kernel is the core of the operating system. It establishes communication between devices and
software. Moreover, it manages the system resources. Basically, it has four responsibilities:
• Device management: A system has many devices connected to it, like the CPU, memory
devices, sound cards, graphic cards, etc. The kernel stores all the data related to the
devices in device drivers (without these the kernel won't be able to control the devices). Thus,
the kernel knows what a device can do and how to manipulate it to bring out the best
performance. It also manages communication between all the devices. The kernel has
certain rules that have to be followed by all the devices.
• Memory management: Another function the kernel has to perform is memory
management. The kernel keeps track of used and unused memory and, using virtual
memory addresses, makes sure that processes cannot manipulate each other's data.
• Process management: In process management the kernel assigns enough time and gives
priorities to processes before handing the CPU to another process. It also deals with security
and ownership information.
• Handling system calls: Handling system calls means a programmer can write a query
or ask the kernel to perform a task.
1.2.2 System Libraries
System libraries are special programs that help in accessing the kernel's features. The kernel has
to be triggered to perform a task, and this triggering is done by the applications. But applications
must know how to place a system call, because each kernel has a different set of system calls.
Programmers have developed a standard library of procedures to communicate with the kernel. Each
operating system supports these standards, and they are then translated into system calls for that
operating system.
The most well-known system library for Linux is glibc (GNU C Library).
1.2.3 System Tools
Linux OS has a set of utility tools, which are usually simple commands. This is software which
the GNU project has written and published under its open source license so that it is freely
available to everyone.
With the help of commands, you can access your files, edit and manipulate data in your
directories or files, change location of files or anything.
1.2.4 Development Tools
With the above three components your OS is running and working. But to update your system
you have additional tools and libraries. These additional tools and libraries are written by the
programmers and are called tool chain. A tool chain is a vital development tool used by the
developers to produce a working application.
1.2.5 End User Tools
These end tools make a system unique for a user. End tools are not required for the operating
system but are necessary for a user.
Some examples of end tools are graphic design tools, office suites, browsers, multimedia
players, etc.
1.3 Features of Linux
1.3.1 Multiuser capability:
Multiple users can access the same system resources like memory, hard disk, etc. But they have
to use different terminals to operate.
1.3.2 Multitasking:
More than one function can be performed simultaneously by dividing the CPU time
intelligently.
1.3.3 Portability:
Portability doesn't mean it is smaller in file size or can be carried in pen drives or memory
cards. It means that it supports different types of hardware.
1.3.4 Security:
It provides security in three ways, namely authentication (by assigning password and login ID),
authorization (by assigning permission to read, write and execute) and encryption (converts
file into an unreadable format).
1.3.5 Graphical User Interface (X Window system):
Linux is a command-line-based OS, but it can be converted to a GUI-based one by installing packages.
1.3.6 Application support:
It has its own software repository from where users can download and install many
applications.
1.3.7 File System:
It provides a hierarchical file system in which files and directories are arranged.
1.3.8 Open Source:
Linux code is freely available to all and is a community-based development project.
1.4 Why we should use Linux
➢ It is an open source OS, which gives a great advantage to programmers as they can
design their own custom operating systems.
➢ It gives you a lot of options of programs with different features, so you can
choose according to your need.
➢ A global development community looks at different ways to enhance its security, hence
it is highly secured and robust so you don't need an anti-virus to scan it regularly.
Companies like Google, Amazon and Facebook use Linux in order to protect their
servers as it is highly reliable and stable.
➢ Above all, you don't have to pay for software and server licensing to install Linux; it’s
absolutely free and you can install it on as many computers as you want.
➢ It’s a completely trouble-free operating system and doesn't have an issue with viruses,
malware and slowing down your computer.
1.5 Linux vs Unix
Linux is a clone of Unix. It has several features similar to Unix, but there are still some key
differences. Before Linux and Windows, the computer world was dominated by Unix. Unix is a
copyrighted name, and IBM AIX, HP-UX and Sun Solaris are the only Unix operating systems
remaining to date.
| Comparison | Linux | Unix |
|---|---|---|
| Definition | It is an open-source operating system which is freely available to everyone. | It is an operating system which can be only used by its copyrighters. |
| Examples | It has different distros like Ubuntu, Redhat, Fedora, etc. | IBM AIX, HP-UX and Sun Solaris. |
| Users | Nowadays, Linux is in great demand. Anyone can use Linux whether a home user, developer or a student. | It was developed mainly for servers, workstations and mainframes. |
| Cost | Linux is freely distributed, downloaded, and distributed through magazines also. And priced distros of Linux are also cheaper than Windows. | Unix copyright vendors decide different costs for their respective Unix operating systems. |
| Development | As it is open source, it is developed by sharing and collaboration of codes by world-wide developers. | Unix was developed by AT&T Labs, various commercial vendors and non-profit organizations. |
| Manufacturer | Linux kernel is developed by the community of developers from different parts of the world. Although the father of Linux, Linus Torvalds oversees things. | Unix has three distributions IBM AIX, HP-UX and Sun Solaris. Apple also uses Unix to make OSX operating system. |
| GUI | Linux is command based but some distros provide GUI based Linux. Gnome and KDE are mostly used GUI. | Initially it was command-based OS, but later Common Desktop Environment was created. Most Unix distributions use Gnome. |
| Interface | The default interface is BASH (Bourne Again Shell). But some distros have developed their own interfaces. | It originally used Bourne shell. But is also compatible with other GUIs. |
| File system support | Linux supports more file system than Unix. | It also supports file system but lesser than Linux. |
| Coding | Linux is a Unix clone, behaves like Unix but doesn't contain its code. | Unix contain a completely different coding developed by AT&T Labs. |
| Operating system | Linux is just the kernel. | Unix is a complete package of Operating system. |
| Security | It provides higher security. Linux has about 60-100 viruses listed till date. | Unix is also highly secured. It has about 85-120 viruses listed till date. |
1.6 Linux Distributions
Other operating systems, like those from Microsoft, combine every bit of code internally and release it as a
single package. You have to choose one of the versions they offer.
But Linux is different from them. Different parts of Linux are developed by different
organizations.
These parts include the kernel, shell utilities, X server, system environment, graphical
programs, etc.
Some of the Linux distributions are:
1.6.1 Ubuntu
It was brought into existence in 2004 by Canonical and quickly became popular. Canonical wants
Ubuntu to be usable as an easy graphical Linux desktop without the use of the command line. It is the
most well-known Linux distribution. Ubuntu is a next version of Debian and easy to use for
newbies. It comes with a lot of pre-installed apps and easy-to-use repository libraries.
Earlier, Ubuntu used the GNOME2 desktop environment, but now it has developed its own Unity
desktop environment. It is released every six months and is currently working to expand to run on
tablets and smartphones.
1.6.2 Linux Mint
Mint is based on Ubuntu and uses its repository software, so some packages are common to
both.
Earlier it was an alternative to Ubuntu because media codecs and proprietary software were
included in Mint but absent in Ubuntu. But now it has its own popularity, and it uses the
Cinnamon and MATE desktops instead of Ubuntu's Unity desktop environment.
1.6.3 Debian
Debian has existed since 1993 and releases its versions much more slowly than Ubuntu and
Mint.
This makes it one of the most stable Linux distributions.
Ubuntu is based on Debian and was founded to improve the core bits of Debian more quickly
and make it more user friendly. Every Debian release name is taken from the
movie Toy Story.
1.6.4 Red Hat Enterprise
Red Hat is a commercial Linux distributor. Its products are Red Hat Enterprise Linux (RHEL)
and Fedora, which are freely available. RHEL is well tested before release and supported till
seven years after the release, whereas Fedora provides faster updates and comes without any support.
Red Hat uses trademark law to prevent its software from being redistributed. CentOS is a
community project that uses the Red Hat Enterprise Linux code but removes all its trademarks and
makes it freely available. In other words, it is a free version of RHEL and provides a stable
platform for a long time.
1.6.5 Fedora
It is a project that mainly focuses on free software and provides the latest versions of software. It
doesn't make its own desktop environment but uses 'upstream' software. By default, it has the
GNOME3 desktop environment. It is less stable but provides the latest stuff.
1.7 Windows vs Linux File System
In Microsoft Windows, files are stored in folders on different data drives like C: D: E:
But, in Linux, files are ordered in a tree structure starting with the root directory.
This root directory can be considered as the start of the file system, and it further branches out
various other subdirectories. The root is denoted with a forward slash '/'.
A general tree file system on your UNIX may look like this.
Figure 1.1 file system
1.8 Types of Files
In Linux and UNIX, everything is a file. Directories are files, files are files, and devices like
printer, mouse, keyboard, etc. are files.
Let's look into the file types in more detail.
1.8.1 General Files
General files are also called ordinary files. They can contain an image, video, program or simply
text. They can be in ASCII or binary format. These are the files most commonly used by
Linux users.
1.8.2 Directory Files
These files are a warehouse for other file types. You can have a directory file within a directory
(sub-directory). You can take them as 'Folders' found in Windows operating system.
1.8.3 Device Files:
In MS Windows, devices like Printers, CD-ROM, and hard drives are represented as drive
letters like G: H: In Linux, they are represented as files. For example, if the first SATA hard
drive had three primary partitions, they would be named and numbered as /dev/sda1, /dev/sda2
and /dev/sda3.
1.9 Users in Linux
There are 3 types of users in Linux.
• Regular
• Administrative(root)
• Service
1.9.1 Regular User
A regular user account is created for you when you install Ubuntu on your system. All your
files and folders are stored in /home/ which is your home directory. As a regular user, you do
not have access to directories of other users.
1.9.2 Root User
Other than your regular account another user account called root is created at the time of
installation. The root account is a superuser who can access restricted files, install software
and has administrative privileges. Whenever you want to install software, make changes to
system files or perform any administrative task on Linux; you need to log in as a root user.
Otherwise, for general tasks like playing music and browsing the internet, you can use your
regular account.
1.9.3 Service user
Linux is widely used as a Server Operating System. Services such as Apache, Squid, email,
etc. have their own individual service accounts. Having service accounts increases the
security of your computer. Linux can allow or deny access to various resources depending on
the service.
Chapter 2
Introduction to RHCSA
2.1 Introduction:
Red Hat Enterprise Linux (RHEL) is a Linux-based operating system from Red Hat designed
for businesses. RHEL can work on desktops, on servers, in hypervisors or in the cloud. Red
Hat and its community-supported counterpart, Fedora, are among the most widely used Linux
distributions in the world.
Red Hat Enterprise Linux has multiple variants, with server versions for x86, x86-64,
PowerPC, Itanium and IBM System z. It also includes desktop versions for x86 and x86-64.
As of November, 2011, the latest variant of RHEL is RHEL 6.
Now Red Hat is owned by IBM.
Being a Linux distribution, Red Hat Enterprise Linux contains the Linux kernel as well as some
applications for performing certain tasks. Like all Linux distributions, RHEL is open source.
Thus, people can view its source code, download it and make their own customized versions.
Some of the notable Linux distros that are actually derived from RHEL include CentOS, Oracle
Enterprise Linux, Scientific Linux and Pie Box Enterprise Linux.
In the past, Red Hat gave this enterprise product for free and only charged for support. Later
on, they decided to create two versions: RHEL, which would have less frequent version
releases and consequently be more stable, and Fedora, which would undergo relatively more
frequent version releases and consequently offer more bleeding edge technologies.
Fedora, which is given entirely for free, is sponsored by Red Hat (the company) but is actively
developed by a community of developers. It is most suitable for Linux enthusiasts. RHEL, on
the other hand, takes technologies developed via the Fedora Project and packages them into a
more reliable and stable commercial product. Hence, RHEL is best suited for the enterprise.
People who subscribe to RHEL can download the installer for free but have to pay for support.
Special editions of RHEL are available for academic institutions who are willing to pay a
smaller fee to use the relatively more stable RHEL rather than a Fedora.
A typical RHEL distribution would include development tools, applications, services and
utilities such as Compiz, CUPS, DHCP, Firefox, GIMP, MySQL, OpenOffice.org, Samba and
Python, to name a few.
Software Requirement:
To use your local computer to develop your server, you must install a Linux system. Windows
can also be used to create and deploy servers, but carrying out these tasks in Windows becomes
difficult. It’s recommended to use a Linux system. Red Hat Enterprise Linux 7.3 is one of the
best Linux OS that can be used.
2.2 Installing the Red Hat Enterprise Linux 7.3:
Installing a Linux system is an easy and fast task. One more reason to use a Linux system
is that it’s free.
Figure 2.2 Installing Redhat Enterprises Linux 7.3
2.3 Configuring the System:
Once the Linux system, i.e. RHEL 7.3, is installed, log in as root. Now we have to configure it by
installing some additional packages and upgrading the system packages.
Open the Terminal and type the following command to install updates:
[root@localhost Desktop]# yum update
Hardware Requirement:
Minimum requirement is a Pentium 4, AMD or Celeron processor. All processors above
this configuration work very well with Linux. So, processors like Core
2 Duo Processor, Dual Core Processor, Dual core i3, Dual core i5, Dual core i7, AMD Duron,
AMD Sempron, AMD Turion, AMD Opteron, AMD Phenom 1, and Celeron III are
recommended.
A minimum of 512 MB RAM is required, and RAM above this size is recommended.
Figure 2.3 Software & Hardware Requirement
2.4 Boot Process
Power on
1. BIOS (Basic Input Output System) is a software program that comes pre-built in a
motherboard chipset.
2. BIOS loads and scans for devices such as Hard Disk, CD-ROM, RAM, etc.
3. BIOS searches for the MBR (Master Boot Record: 1st sector) of the primary hard drive,
scans it for the 1st stage loader (in our case the boot loader is GRUB / LILO) and hands over the
responsibility to the MBR.
4. Boot PROM/FLASH/BIOS is capable of loading the MBR into RAM and executing
it.
5. MBR (Master Boot Record)
▪ The MBR occupies 512 bytes of space.
▪ The MBR contains the loader information of most operating systems,
e.g. UNIX, Linux and WINDOWS.
▪ The MBR holds the small binary of the 1st stage loader.
▪ The MBR is the first physical sector of the first disk drive (i.e. 512 bytes) and is not part of any
partition.
▪ It is located on the first disk drive, in the first sector of the first cylinder, track 0 and
head 0 (this whole track is generally reserved for boot programs).
▪ The MBR contains a small executable program and a table specifying the primary partitions.
Boot Code (GRUB) 446 bytes
partition 1: 16 bytes
partition 2: 16 bytes
partition 3: 16 bytes
partition 4: 16 bytes
magic Number: 2 bytes
1. The MBR also records which primary partition is ACTIVE.
2. The BIOS hands control to the first stage boot loader, which then scans the partition table
and finds the second stage boot loader on the partition configured as bootable.
Boot Loader
1. The boot loader is started from the 1st stage loader and loads itself into RAM. All this happens in
milliseconds.
2. The default stage 2 boot loader is GRUB (Grand Unified Boot Loader)
or LILO (Linux Loader).
3. Once GRUB is loaded into RAM, it searches for the location of the kernel.
4. GRUB examines the map file to find the kernel image, which is located under /boot,
and loads it.
5. GRUB loads the kernel (vmlinuz-version) from the /boot partition.
Trivia 1
GRUB sets up a RAMDISK for initrd (a RAMDISK is space reserved from RAM). In
addition, it loads initrd into RAM to prepare the kernel for loading itself and its
dependent modules into memory, so that it can hand the system over to the “init” process.
In Linux, most of the drivers are built as modules, and the initial RAM drive
(initrd.img) is where all the information of these additional modules is kept. So, when the kernel
boots, it creates the RAM drive and loads initrd.img and its dependent modules.
GRUB reads /boot/grub/grub.conf and shows us a clean interface for selecting the operating
system.
Once the kernel has loaded its dependent modules, it hands over to the “init” process. The kernel
image has a small, uncompressed program that decompresses the kernel and runs it.
Trivia 2
LILO relies on the MBR in order to locate operating systems on the hard drive. Any
modification made to /etc/lilo.conf must be written to the MBR, whereas GRUB needs no
such update: it reads directly from the file /boot/grub/grub.conf.
After making changes in /etc/lilo.conf, we have to update the MBR manually.
# /sbin/lilo -v
Trivia 3
The GRUB second stage loader resides within the MBR and within /boot partition.
Once GRUB is loaded into memory it becomes 2nd stage loader.
Trivia 4
The /initrd directory should not be removed. It is a temporary placeholder that gives the kernel
quick access to the modules it needs to start the system. These modules include device drivers.
Kernel initialization highlights include:
1. initialize CPU components, e.g., MMU
2. initialize the scheduler (PID 0)
3. mount the root filesystem in rw mode
4. fork off the init process (PID 1)
In essence, kernel initialization does two things:
1. Start the core system of shared resource managers (RAM, processor and mass storage).
2. Starts a single process, /sbin/init.
The init process (/sbin/init) is the very first process. It loads all the various daemons and mounts
all the partitions which are listed under /etc/fstab.
About /etc/fstab
1. /sbin/init reads the /etc/inittab file.
2. It sets the default runlevel (the telinit command allows administrators to tell the init process to
change its current runlevel).
3. It calls /etc/rc.d/rc.sysinit and /etc/rc.d/rc x (where ‘x‘ is a runlevel).
4. In the /etc/rc.d/rc5.d directory, files starting with the letter K are kill scripts and files starting
with the letter S are startup scripts.
5. It starts up the tty processes and xdm (X display manager).
6. It starts the user’s login screen.
2.5 Directory Structure
A standard Linux distribution follows the directory structure as provided below with Diagram
and explanation.
Figure 2.5 directory structure
2.6 Basic Commands
| Command | Description |
|---|---|
| pwd | The pwd command stands for print working directory. It displays the current working location or directory of the user. It displays the whole working path starting with /. It is a built-in command. |
| ls | The ls command is used to list the contents of a folder. It will list out all the files in the directed folder. |
| cd | The cd command stands for change directory. It is used to change from the present directory to the directory you want to work in. |
| mkdir | With the mkdir command you can create your own directory. |
| rmdir | The rmdir command is used to remove a directory from your system. |
| touch | Used to create a file. |
| rm | To remove a file. |
| cp | To copy a file. |
| mv | To rename or to move a file. |
| man | Description of a command. |
| whereis | Used to determine location of a man page. |
| head | It displays the beginning of a file. |
| tail | It displays the last part of a file. |
| cat | This command is versatile and serves many purposes. |
| grep | To search for a pattern. |
Chapter 3
Managing Users and Groups and File Permissions
3.1 Adding User Accounts
To add a new user account, you can run either of the following two commands as root.
# adduser [new_account]
# useradd [new_account]
UNDERSTANDING /ETC/PASSWD
The full account information is stored in the /etc/passwd file. This file contains a record per
system user account and has the following format (fields are delimited by a colon).
[username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]
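The seven-field record above is enough to review which accounts are root, regular or service accounts (section 1.9). The following reviewer is an added example, not part of the original report; the sample file is constructed, and the UID boundary of 1000 for regular accounts (the RHEL 7 default) and the list of non-login shells are assumptions.

```python
from collections import namedtuple

Account = namedtuple("Account",
                     "username password uid gid comment home shell")

UID_MIN = 1000  # assumption: regular accounts start here (RHEL 7 default)
NON_LOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin",
                    "/bin/false", "/usr/bin/false"}

# Constructed sample in /etc/passwd format, not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
squid:x:23:23::/var/spool/squid:/bin/bash
user1:x:1000:1000:User One:/home/user1:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
guest::1001:1001::/home/guest:/bin/bash
broken:x:oops
"""


def parse_passwd(text):
    """Parse passwd records; return (accounts, malformed line numbers)."""
    accounts, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if (len(fields) != 7 or not fields[2].isdigit()
                or not fields[3].isdigit()):
            malformed.append(lineno)
            continue
        accounts.append(Account(fields[0], fields[1], int(fields[2]),
                                int(fields[3]), fields[4], fields[5],
                                fields[6]))
    return accounts, malformed


def account_type(account):
    """Map an account to the three user types of section 1.9."""
    if account.uid == 0:
        return "root"
    return "regular" if account.uid >= UID_MIN else "service"


def review_accounts(accounts):
    """Return (username, finding) pairs an administrator should look at."""
    findings = []
    for acct in accounts:
        if acct.uid == 0 and acct.username != "root":
            findings.append((acct.username, "UID 0 but not named root"))
        if acct.password != "x":
            findings.append((acct.username, "password field is not 'x'"))
        if (account_type(acct) == "service"
                and acct.shell not in NON_LOGIN_SHELLS):
            findings.append((acct.username,
                             "service account with login shell " + acct.shell))
    return findings


if __name__ == "__main__":
    parsed, bad_lines = parse_passwd(SAMPLE_PASSWD)
    for name, finding in review_accounts(parsed):
        print(name, "-", finding)
    print("malformed lines:", bad_lines)
```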
UNDERSTANDING /ETC/GROUP
Group information is stored in the /etc/group file. Each record has the following format.
[Group name]:[Group password]:[GID]:[Group members]
Modifying User :-
After adding an account, you can edit the following information (to name a few fields) using
the usermod command, whose basic syntax is as follows.
# usermod [options] [username]
Adding a New Group
# groupadd common_group # Add a new group
# chown :common_group common.txt # Change the group owner of common.txt to common_group
# usermod -aG common_group user1 # Add user1 to common_group
# usermod -aG common_group user2 # Add user2 to common_group
# usermod -aG common_group user3 # Add user3 to common_group
DELETING A GROUP
You can delete a group with the following command.
# groupdel [group_name]
3.2 Linux File Permissions
All three owners (user owner, group, others) in the Linux system have three types of
permissions defined. Nine characters denote the three types of permissions.
1. Read (r): The read permission allows you to open and read the content of a file. But
you can't do any editing or modification in the file.
2. Write (w): The write permission allows you to edit, remove or rename a file. For
instance, if a file is present in a directory, and write permission is set on the file but
not on the directory, then you can edit the content of the file but can't remove or
rename it.
3. Execute (x): In Unix-type systems, you can't run or execute a program unless the execute
permission is set. But in Windows, there is no such permission available.
Octal permissions can also be set for the groups.
For example, to set r the octal value is 4, to set w it is 2, and to set x it is 1.
UNDERSTANDING SETUID
When the setuid permission is applied to an executable file, a user running the program
inherits the effective privileges of the program’s owner. Since this approach can reasonably
raise security concerns, the number of files with setuid permission must be kept to a minimum.
You will likely find programs with this permission set when a system user needs to access a
file owned by root.
Summing up, it isn’t just that the user can execute the binary file, but also that he can do so
with root’s privileges. For example, let’s check the permissions of /bin/passwd. This binary is
used to change the password of an account, and modifies the /etc/shadow file. The superuser
can change anyone’s password, but all other users should only be able to change their own.
Figure 3.2 File Permission
Thus, any user should have permission to run /bin/passwd, but only root will be able to specify
an account. Other users can only change their corresponding passwords.
UNDERSTANDING SETGID
When the setgid bit is set, the effective GID of the real user becomes that of the group owner.
Thus, any user can access a file under the privileges granted to the group owner of such file. In
addition, when the setgid bit is set on a directory, newly created files inherit the same group as
the directory, and newly created subdirectories will also inherit the setgid bit of the parent
directory. You will most likely use this approach whenever members of a certain group need
access to all the files in a directory, regardless of the file owner’s primary group.
# chmod g+s [filename]
To set the setgid in octal form, prepend the number 2 to the current (or desired) basic
permissions.
# chmod 2755 [directory]
SETTING THE SETGID IN A DIRECTORY
UNDERSTANDING STICKY BIT
When the “sticky bit” is set on files, Linux just ignores it, whereas for directories it has the
effect of preventing users from deleting or even renaming the files it contains unless the user
owns the directory, the file, or is root.
# chmod o+t [directory]
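Because the number of setuid files should be kept to a minimum, it helps to list where the setuid, setgid and sticky bits are actually set. The following audit is an added example, not part of the original report; the directory tree it scans is constructed in a temporary directory, and the function names and finding labels are hypothetical.

```python
import os
import stat
import tempfile


def classify(mode):
    """Return the special-permission findings for one st_mode value."""
    findings = []
    is_dir = stat.S_ISDIR(mode)
    if mode & stat.S_ISUID and stat.S_ISREG(mode):
        findings.append("setuid")            # runs with the owner's privileges
    if mode & stat.S_ISGID:
        # On a directory, new files inherit the directory's group.
        findings.append("setgid-dir" if is_dir else "setgid")
    if is_dir and mode & stat.S_ISVTX:
        findings.append("sticky")            # only owners may delete or rename
    if is_dir and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        # Anyone can delete anyone else's files in this directory.
        findings.append("world-writable-without-sticky")
    return findings


def audit_tree(root):
    """Walk root and report (path, octal, symbolic, findings) per entry."""
    report = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode    # lstat: do not follow symlinks
            findings = classify(mode)
            if findings:
                report.append((os.path.relpath(path, root),
                               format(stat.S_IMODE(mode), "04o"),
                               stat.filemode(mode),
                               findings))
    return sorted(report)


def build_sample_tree():
    """Constructed sample tree using the octal modes discussed above."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    layout = [
        ("helper", False, 0o4755),     # setuid executable
        ("notes.txt", False, 0o644),   # ordinary file, not reported
        ("project", True, 0o2755),     # chmod 2755 [directory]
        ("dropbox", True, 0o1777),     # chmod o+t on a shared directory
        ("shared", True, 0o777),       # world-writable, sticky bit missing
    ]
    for name, is_dir, mode in layout:
        path = os.path.join(root, name)
        if is_dir:
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for entry in audit_tree(build_sample_tree()):
        print(entry)
```

Pointing audit_tree at a system directory and comparing the result with a list of expected setuid programs shows any unexpected additions.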
Chapter 4
To create disk partition in Linux
4.1 How to Create Disk Partition in Linux
Create Disk Partitions
If you have added a new disk to your system, you can simply format the entire disk and use it
as a single disk. But it’s a good idea to create smaller partitions on large disks.
fdisk /dev/sdc
Use n to create a new partition as shown below. After that, select p or e to create a primary or
extended partition. As we are creating the first partition, we can use p (primary). Remember
that you can’t create more than 4 primary partitions.
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First sector (63-104857599, default 63): 2048
Last sector, +sectors or +size{K,M,G} (2048-104857599, default 104857599): +10G
4.2 Save new partitioning table
Command (m for help): w
Format Disk Partitions
Use the mkfs utility to create the file system on disk partitions. The -t option of the mkfs
command defines which file system type we need on the disk.
• mkfs -t ext4 /dev/sdc1
We can use any other file system type like: ext2, ext3, ext4, fat, vfat, ntfs etc.
• mkfs.ext4 /dev/sdc1
4.3. Mount/Unmount Partitions
Before mounting a disk, you are required to create a mount point. Then use the mount command
to mount the disk partition on the mount point.
• mkdir /newDisk1
• mount /dev/sdc1 /newDisk1
Now use one of the following commands to verify that the disk is mounted successfully.
• mount | grep "/dev/sdc1"
• df -h | grep "/dev/sdc1"
4.4. Mount Disk on Startup
The /etc/fstab file is used for mounting disk partitions during system boot. Add the
following entry at the end of the /etc/fstab file. The file system type must match the one
created with mkfs above.
/dev/sdc1 /newDisk1 ext4 defaults 0 2
Chapter 5
Package Management
5.1 What is YUM?
YUM (Yellowdog Updater Modified) is an open source command-line as well as graphical
package management tool for RPM (RedHat Package Manager) based Linux systems.
It allows users and system administrators to easily install, update, remove or search software
packages on a system. It was developed and released by Seth Vidal under the GPL (General
Public License) as open source, which means anyone is allowed to download and access the
code to fix bugs and develop customized packages. YUM uses numerous third party
repositories to install packages automatically, resolving their dependency issues.
5.2 Commands
To install a Package
yum install package_name
To remove a Package
yum remove package_name
To update a Package
yum update package_name
To list all Packages
yum repolist all
To clean yum cache
yum clean all
5.3 Set up yum repository for locally-mounted DVD on Red Hat Enterprise
Linux 7
• Once you have downloaded a DVD version of your chosen RHEL version and copied
it over to a location on your server, create a mount point and mount it:
# mkdir -p /mnt/disc
# mount /dev/sr0 /mnt/disc
• Copy the media.repo file from the root of the mounted directory
to /etc/yum.repos.d/ and set the permissions to 0644 or another similar permission set:
# cp /mnt/disc/media.repo /etc/yum.repos.d/rhel7dvd.repo
# chmod 644 /etc/yum.repos.d/rhel7dvd.repo
• Edit the new repo file and add the following lines:
# vi /etc/yum.repos.d/rhel7dvd.repo
enabled=1
baseurl=file:///mnt/disc/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
• The resulting repo file:
[InstallMedia]
name=DVD for Red Hat Enterprise Linux 7.1 Server
mediaid=1359576196.686790
metadata_expire=-1
gpgcheck=1
cost=500
enabled=1
baseurl=file:///mnt/disc/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
• Clear the cache and check whether you can get the packages list from the DVD repo
# yum clean all
# yum repolist enabled
• It should look like the following if no other repository is enabled.
To avoid any corruption, it is recommended to disable any non-Red Hat repositories.
# yum repolist enabled
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use
subscription-manager to register.
repo id repo name
InstallMedia Red Hat Enterprise Linux 7.7
repolist: 5,229
• If no errors are returned, the following can be used to update:
# yum update
Chapter 6
INTRODUCTION TO RHCE
Introduction:
In a technical sense, a server is an instance of a computer program that accepts and responds
to requests made by another program, known as a client. Less formally, any device that runs
server software could be considered a server as well. Servers are used to manage network
resources. For example, a user may setup a server to control access to a network, send/receive
e-mail, manage print jobs, or host a website.
Some servers are committed to a specific task, often referred to as dedicated. As a result, there
are a number of dedicated server categories, like print servers, file servers, network servers,
and database servers. However, many servers today are shared servers which can take on the
responsibility of e-mail, DNS, FTP, and even multiple websites in the case of a web server.
Because they are commonly used to deliver services that are required constantly, most servers
are never turned off. Consequently, when servers fail, they can cause the network users and
company many problems. To alleviate these issues, servers are commonly high-end computers
setup to be fault tolerant.
6.1 Need of Servers:
As we know, the internet is an ocean of data. Every nook and cranny of the world uses the
internet. There are millions of websites containing text, audio, video, images etc., and internet
users access this content from all over the world. Each and every website is stored on
someone’s storage device, and not everyone can keep their devices online for a long time.
So we need a device that can be kept online for long periods without any discontinuity.
That is where the need for servers comes from. The server is a place where we can keep our
data (websites, images, video, audio etc.) in one place with 24x7 access for all our users.
Following are the other advantages of a server:
i. All time access to all users.
ii. The hardware & software is upgraded according to time. The owner of any website
does not have to worry about the technical front.
iii. All information is at one place.
iv. No need of technical expertise in any server related term because the entire tasks
are done by server personnel.
v. Data processing is fast.
6.2 A Client-Server Relationship:
The client–server model is a distributed application structure that partitions tasks or workloads
between the providers of a resource or service, called servers, and service requesters, called
clients. Often clients and servers communicate over a computer network on separate hardware,
but both client and server may reside in the same system. A server host runs one or more server
programs which share their resources with clients. A client does not share any of its resources,
but requests a server's content or service function. Clients therefore initiate communication
sessions with servers which await incoming requests. Examples of computer applications that
use the client–server model are Email, network printing, and the World Wide Web.
Servers are classified by the services they provide. For instance, a web server serves web pages
and a file server serves computer files. A shared resource may be any of the server computer's
software and electronic components, from programs and data to processors and storage devices.
The sharing of resources of a server constitutes a service.
Figure 6.2 A Client Server Relationship
6.3 Components of A Server:
The hardware components that a typical server computer comprises are similar to the
components used in less expensive client computers. However, server computers are usually
built from higher-grade components than client computers. The following paragraphs describe
the typical components of a server computer.
Memory
Don't scrimp on memory. People rarely complain about servers having too much memory.
Many different types of memory are available, so you have to pick the right type of memory to
match the memory supported by your motherboard. The total memory capacity of the server
depends on the motherboard. Most new servers can support at least 12GB of memory, and
some can handle up to 32GB.
Hard drives
Most desktop computers use inexpensive hard drives called IDE drives (sometimes also called
ATA). These drives are adequate for individual users, but because performance is more
important for servers, another type of drive known as SCSI is usually used instead. For the best
performance, use the SCSI drives along with a high-performance SCSI controller card.
Recently, a new type of inexpensive drive called SATA has been appearing in desktop
computers. SATA drives are also being used more and more in server computers as well due
to their reliability and performance.
Network connection
The network connection is one of the most important parts of any server. Many servers have
network adapters built into the motherboard. If your server isn't equipped as such, you'll need
to add a separate network adapter card.
Figure 6.3 A Look Of A Server
Chapter 7
Web Server Description
7.1. HTTP:
Introduction
The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed,
collaborative, hypermedia information systems. HTTP is the foundation of data
communication for the World Wide Web.
Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text.
HTTP is the protocol to exchange or transfer hypertext.
Development of HTTP was initiated by Tim Berners-Lee at CERN in 1989. Standards
development of HTTP was coordinated by the Internet Engineering Task Force (IETF) and the
World Wide Web Consortium (W3C), culminating in the publication of a series of Requests
for Comments (RFCs). The first definition of HTTP/1.1, the version of HTTP in common use,
occurred in RFC 2068 in 1997, although this was obsoleted by RFC 2616 in 1999.
A later version, the successor HTTP/2, was standardized in 2015, and is now supported by
major web servers.
HTTP functions as a request–response protocol in the client–server computing model. A web
browser, for example, may be the client and an application running on a computer hosting a
web site may be the server. The client submits an HTTP request message to the server. The
server, which provides resources such as HTML files and other content, or performs other
functions on behalf of the client, returns a response message to the client. The response contains
completion status information about the request and may also contain requested content in its
message body.
A web browser is an example of a user agent (UA). Other types of user agent include the
indexing software used by search providers (web crawlers), voice browsers, mobile apps, and
other software that accesses, consumes, or displays web content.
HTTP is designed to permit intermediate network elements to improve or enable
communications between clients and servers. High-traffic websites often benefit from web
cache servers that deliver content on behalf of upstream servers to improve response time. Web
browsers cache previously accessed web resources and reuse them when possible to reduce
network traffic. HTTP proxy servers at private network boundaries can facilitate
communication for clients without a globally routable address, by relaying messages with
external servers.
HTTP is an application layer protocol designed within the framework of the Internet Protocol
Suite. Its definition presumes an underlying and reliable transport layer protocol, and
Transmission Control Protocol (TCP) is commonly used. However HTTP can be adapted to
use unreliable protocols such as the User Datagram Protocol (UDP), for example in HTTPU
and Simple Service Discovery Protocol (SSDP).
HTTP resources are identified and located on the network by uniform resource locators
(URLs), using the uniform resource identifier (URI) schemes http and https. URIs and
hyperlinks in Hypertext Markup Language (HTML) documents form inter-linked hypertext
documents.
HTTP/1.1 is a revision of the original HTTP (HTTP/1.0). In HTTP/1.0 a separate connection
to the same server is made for every resource request. HTTP/1.1 can reuse a connection
multiple times to download images, scripts, stylesheets etc. after the page has been delivered.
HTTP/1.1 communications therefore experience less latency as the establishment of TCP
connections presents considerable overhead.
Figure 7.1 The Apache Web Server
Installation:
NOTE: Installation of any web server package on RHEL 7.2 or any other Linux requires only
3 steps:
Step 1: Install the required software.
Step 2: Configure the software.
Step 3: Start the service (daemon).
Step 1: Install the httpd package:
Open the terminal. Then write the following command to install the httpd package.
[root@localhost Desktop] # yum install httpd
Once the httpd package is installed properly then go to the next step.
Step 2: Configure the software:
Configuring the software means changing the internal settings of the software. Internal settings
contain the default port no., default location to look up for webpages, default type of webpage to
accept etc. If there is any need to configure these settings then type the following command:
[root@localhost Desktop] # vim /etc/httpd/conf/httpd.conf
Step 3: Starting the service:
Now start the service i.e. the daemon by typing following command:
[root@localhost Desktop] # systemctl start httpd
The service of Apache Web Server (httpd) is started.
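NOTE: When there is communication over the network, there comes the concept of firewalls.
A firewall prevents any unauthorized connection over any network. To prevent this intervention
caused by the firewall in RHEL 7.2 we write the following commands. The first, setenforce 0,
switches SELinux to permissive mode until the next reboot; the second, iptables -F, flushes
every rule from the chains of the filter table:
[root@localhost Desktop] # setenforce 0
[root@localhost Desktop] # iptables -F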
This must be done on each and every server which is going to be created.
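A narrower alternative to the two commands above is to open only the firewalld service each daemon needs and leave SELinux enforcing. This is an added example, not part of the original report. The function names, the unit-to-service mapping and the sample iptables -S listings are constructed for illustration; the firewalld service names are the ones shipped on RHEL 7.

```shell
#!/bin/sh
# Added example: expose one service through firewalld and leave SELinux
# enforcing, instead of `setenforce 0` and `iptables -F`.

# Map a systemd unit used in this report to the firewalld service names
# it needs (assumed mapping, names as shipped with firewalld on RHEL 7).
firewalld_services_for() {
    case "$1" in
        httpd)      echo "http" ;;
        vsftpd)     echo "ftp" ;;
        nfs-server) echo "nfs mountd rpc-bind" ;;
        smb)        echo "samba" ;;
        ntpd)       echo "ntp" ;;
        sshd)       echo "ssh" ;;
        *)          return 1 ;;
    esac
}

# Print (do not run) the commands that open exactly what one unit needs.
plan_exposure() (
    services="$(firewalld_services_for "$1")" || {
        echo "no firewalld mapping for unit: $1" >&2
        exit 1    # leaves the subshell, so the function returns 1
    }
    for svc in $services; do
        echo "firewall-cmd --permanent --add-service=$svc"
    done
    echo "firewall-cmd --reload"
)

# Constructed samples of `iptables -S` output: after a flush only the
# policy lines remain; a filtered host still has -A rules on INPUT.
FLUSHED_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
FILTERED_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Report what the two commands leave behind, given `getenforce` output ($1)
# and `iptables -S` output ($2). Prints "ok" or a space-separated finding list.
audit_state() (
    findings=""
    [ "$1" = "Enforcing" ] || findings="selinux-not-enforcing"
    # No rules on INPUT plus an ACCEPT policy means every port is reachable.
    if ! printf '%s\n' "$2" | grep -q '^-A INPUT' &&
       printf '%s\n' "$2" | grep -q '^-P INPUT ACCEPT'; then
        findings="${findings:+$findings }input-chain-open"
    fi
    echo "${findings:-ok}"
)
```

On a real host, check the current state with `audit_state "$(getenforce)" "$(iptables -S)"` and review the output of `plan_exposure httpd` before running it as root.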
7.2 FTP:
Introduction
File Transfer Protocol (FTP) is a standard Internet protocol for transmitting files between
computers on the Internet over TCP/IP connections.
FTP is a client-server protocol that relies on two communications channels between client
and server: a command channel for controlling the conversation and a data channel for
transmitting file content. Clients initiate conversations with servers by requesting to
download a file. Using FTP, a client can upload, download, delete, rename, move and copy
files on a server. A user typically needs to log on to the FTP server, although some
servers make some or all of their content available without login, also known as anonymous
FTP.
FTP sessions work in passive or active modes. In active mode, after a client initiates a session
via a command channel request, the server initiates a data connection back to the client and
begins transferring data. In passive mode, the server instead uses the command channel to
send the client the information it needs to open a data channel. Because passive mode has the
client initiating all connections, it works well across firewalls and Network Address
Translation (NAT) gateways.
FTP was originally defined in 1971, prior to the definition of TCP and IP, and has been
redefined many times -- e.g., to use TCP/IP (RFC 765 and RFC 959), and then Internet
Protocol Version 6 (IPv6), (RFC 2428). Also, because it was defined without much concern
for security, it has been extended many times to improve security: for example, versions that
encrypt via a TLS connection (FTPS) or that work with Secure File Transfer Protocol
(SFTP), also known as SSH File Transfer Protocol.
Users can work with FTP via a simple command line interface (for example, from a console
or terminal window in Microsoft Windows, Apple OS X or Linux) or with a dedicated
graphical user interface (GUI). Web browsers can also serve as FTP clients.
Although a lot of file transfer is now handled using HTTP, FTP is still commonly used to
transfer files "behind the scenes" for other applications -- e.g., hidden behind the user
interfaces of banking, a service that helps build a website, such as Wix or SquareSpace, or
other services. It is also used, via Web browsers, to download new applications.
Figure 7.2 The Active & Passive Web Server
Installation:
Step 1: Install the vsftpd package:
Open the terminal. Then write the following command to install the vsftpd package.
[root@localhost Desktop] # yum install vsftpd
Once the vsftpd package is installed properly then go to the next step.
Step 2: Configure the software:
Configuring the software means changing the internal settings of the software. Internal
settings contain the default port no., default location to look up for webpages, default type of
webpage to accept etc. If there is any need to configure these settings then type the following
command:
[root@localhost Desktop] # vim /etc/vsftpd/vsftpd.conf
Step 3: Starting the service:
Now start the service i.e. the daemon by typing following command:
[root@localhost Desktop] # systemctl start vsftpd
The service of FTP Web Server (vsftpd) is started.
7.3. NFS:
Introduction
The Network File System (NFS) is a client/server application that lets a computer user view
and optionally store and update files on a remote computer as though they were on the user's
own computer. The NFS protocol is one of several distributed file system standards for
network-attached storage (NAS).
NFS allows the user or system administrator to mount (designate as accessible) all or a
portion of a file system on a server. The portion of the file system that is mounted can be
accessed by clients with whatever privileges are assigned to each file (read-only or read-
write). NFS uses Remote Procedure Calls (RPC) to route requests between clients and
servers.
NFS was originally developed by Sun Microsystems in the 1980's and is now managed by the
Internet Engineering Task Force (IETF). NFSv4.1 (RFC-5661) was ratified in January 2010
to improve scalability by adding support for parallel access across distributed servers.
Network File System versions 2 and 3 allow the User Datagram Protocol (UDP) running over
an IP network to provide stateless network connections between clients and server, but
NFSv4 requires use of the Transmission Control Protocol (TCP).
Figure 7.3 The NFS Web Server
Installation:
Step 1: Install the nfs-utils package:
Open the terminal. Then write the following command to install the nfs-utils package.
[root@localhost Desktop] # yum install nfs-utils
Once the nfs-utils package is installed properly then go to the next step.
Step 2: Configure the software:
Configuring the software means changing the internal settings of the software. Internal
settings contain the default port no., default location to look up for webpages, default type of
webpage to accept etc. If there is any need to configure these settings then type the following
command:
[root@localhost Desktop] # vim /etc/exports
Step 3: Starting the service:
Now start the service i.e. the daemon by typing following command:
[root@localhost Desktop] # systemctl start nfs-server
The service of NFS Web Server is started.
7.4. NIS:
Introduction:
NIS (Network Information System) is a network naming and administration system for smaller
networks that was developed by Sun Microsystems. NIS+ is a later version that provides
additional security and other facilities. Using NIS, each host client or server computer in the
system has knowledge about the entire system. A user at any host can get access to files or
applications on any host in the network with a single user identification and password. NIS is
similar to the Internet's domain name system (DNS) but somewhat simpler and designed for a
smaller network. It's intended for use on local area networks.
NIS uses the client/server model and the Remote Procedure Call (RPC) interface for
communication between hosts. NIS consists of a server, a library of client programs, and some
administrative tools. NIS is often used with the Network File System (NFS). NIS is a UNIX-
based program.
Although Sun and others offer proprietary versions, most NIS code has been released into the
public domain and there are freeware versions available. NIS was originally called Yellow
Pages but because someone already had a trademark by that name, it was changed to Network
Information System. It is still sometimes referred to by the initials: "YP".
Sun offers NIS+ together with its NFS product as a solution for Windows PC networks as well
as for its own workstation networks.
Installation:
Step 1: Install the ypserv package:
Open the terminal. Then write the following command to install the ypserv package.
[root@localhost Desktop] # yum install ypserv
Once the ypserv package is installed properly then go to the next step.
Step 2: Configure the software:
Configuring the software means changing the internal settings of the software. Internal settings
contain the default port no., default location to look up for webpages, default type of webpage to
accept etc. If there is any need to configure these settings then type the following command:
[root@localhost Desktop] # vim /etc/yp.conf
Step 3: Starting the service:
Now start the service i.e. the daemon by typing following command:
[root@localhost Desktop] # systemctl start ypserv
The service of NIS Web Server is started.
7.5. NTP:
Introduction:
NTP (Network Time Protocol) is a network protocol that enables you to synchronize clocks on
devices over a network. It works by using one or more NTP servers that maintain a highly
accurate time, and allows clients to query for that time. These client devices query the server,
then automatically adjust their own internal clock to mirror the NTP server. The NetBurner
NTP server obtains highly accurate time by synchronizing its local clock to GPS satellites.
Once plugged in to your network, the NTP device will allow your devices to maintain
synchronized time.
NTP Servers are generally categorized in to several tiered categories. These categories are
referred to as stratum. As the stratum number increases, the accuracy of the time generally
decreases.
1. Stratum 0 devices are devices such as atomic, GPS, and radio clocks. These devices offer
the highest accuracy, but are not usually publicly accessible.
2. Stratum 1 devices are network servers that are connected directly to stratum 0 devices. Some
public stratum 1 devices can be found, but they often come with usage restrictions, including
limiting the number of requests and limiting usage for commercial devices.
3. Stratum 2 devices are network servers that synchronize their time to one or more stratum 1
or 2 devices. Public, open use NTP servers often fall in to this category.
Stratum numbers can keep increasing, up to a theoretical stratum 256 device. However, any
device listed as stratum 16 or greater should be considered inaccurate.
The NetBurner NTP Server is a stratum 1 device connected directly to a GPS time chip.
Figure 7.4 The NTP Web Server
Installation:
Sometimes Internet NTP servers do not meet your needs. The PK70 NTP device is a low cost
NTP server that can be added to your local network. Setting up the NetBurner NTP server could
not be easier. Unbox the device, plug in the power cable, network cable, and attach the included
antennae. For optimal usage, the antenna receiver should be placed next to a window with a
clear view of the sky. Once the device powers up, the red LED light will turn green, indicating
the device is synchronized.
Some configuration options, status screens, and XML output can be reached on the PK70 NTP
device by pointing your web browser to the IP address of the device. Click to see a live
demonstration of the NTP device web server. If you are unsure of the local IP address of your
NetBurner NTP server, download IP Setup, which will scan your local network for NetBurner
devices and display their HTTP web address.
Typical Linux distributions include ntpd, the daemon for syncing to an NTP server. If you are
missing ntpd, then you should install ntpd with your favorite package manager.
Step 1: From the command line, use sudo privileges to edit the /etc/ntp.conf file.
sudo vi /etc/ntp.conf
Step 2: Input one or more ntp servers, one per line. Prepend “server” to every URL.
Example ntp.conf file
server time.apple.com
server time.nist.gov
server 10.1.1.78
Step 3: Restart ntpd, usually accomplished with /etc/init.d/ntpd restart
Once restarted, you can monitor ntpd with the command ntpq -p. This will list all of the NTP
servers in use, and include diagnostic information for all known NTP servers. It may take several
minutes for an NTP server to be selected and synchronized with. Once an NTP server is
selected, it will be indicated with a * in the ntpq output.
7.6. SAMBA:
Introduction:
Samba is a free software re-implementation of the SMB/CIFS networking protocol, and was
originally developed by Andrew Tridgell. Samba provides file and print services for various
Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either
as a Domain Controller (DC) or as a domain member. As of version 4, it supports Active
Directory and Microsoft Windows NT domains.
Samba runs on most Unix, OpenVMS and Unix-like systems, such as Linux, Solaris, AIX and
the BSD variants, including Apple's OS X Server, and OS X client (version 10.2 and greater).
Samba is standard on nearly all distributions of Linux and is commonly included as a basic
system service on other Unix-based operating systems as well. Samba is released under the
terms of the GNU General Public License. The name Samba comes from SMB (Server
Message Block), the name of the standard protocol used by the Microsoft Windows network
file system.
Samba allows file and print sharing between computers running Microsoft Windows and
computers running Unix. It is an implementation of dozens of services and a dozen protocols,
including:
• NetBIOS over TCP/IP (NBT)
• SMB
• CIFS (an enhanced version of SMB)
• DCE/RPC or more specifically, MSRPC, the Network Neighborhood suite of protocols
• A WINS server also known as a NetBIOS Name Server (NBNS)
• The NT Domain suite of protocols which includes NT Domain Logons
• Security Accounts Manager (SAM) database
• Local Security Authority (LSA) service
• NT-style printing service (SPOOLSS), NTLM and more recently Active Directory Logon
which involves a modified version of Kerberos and a modified version of LDAP.
• DFS server
All these services and protocols are frequently incorrectly referred to as just NetBIOS or SMB.
The NBT (NetBIOS over TCP/IP) and WINS protocols are deprecated on Windows.
Samba sets up network shares for chosen Unix directories (including all contained
subdirectories). These appear to Microsoft Windows users as normal Windows folders
accessible via the network. Unix users can either mount the shares directly as part of their file
structure using the smbmount command or, alternatively, can use a utility, smbclient (libsmb)
installed with Samba to read the shares with a similar interface to a standard command line
FTP program. Each directory can have different access privileges overlaid on top of the normal
Unix file protections. For example: home directories would have read/write access for all
known users, allowing each to access their own files. However they would still not have access
to the files of others unless that permission would normally exist. Note that the netlogon share,
typically distributed as a read only share from /etc/samba/netlogon, is the logon directory for
user logon scripts.
Samba services are implemented as two daemons:
• smbd, which provides the file and printer sharing services, and
• nmbd, which provides the NetBIOS-to-IP-address name service. NetBIOS over TCP/IP
requires some method for mapping NetBIOS computer names to the IP addresses of a TCP/IP
network.
Samba configuration is achieved by editing a single file (typically installed as /etc/smb.conf or
/etc/samba/smb.conf). Samba can also provide user logon scripts and group policy
implementation through poledit.
Samba is included in most Linux distributions and is started during the boot process. On Red
Hat, for instance, the /etc/rc.d/init.d/smb script runs at boot time, and starts both daemons.
Samba is not included in Solaris 8, but a Solaris 8-compatible version is available from the
Samba website.
Samba includes a web administration tool called Samba Web Administration Tool (SWAT).
SWAT was removed starting with version 4.1.
Figure 7.5 The Samba Web Server
Installation:
Step 1: Install the samba-client package:
Open the terminal. Then write the following command to install the samba-client package.
[root@localhost Desktop] # yum install samba-client
Once the samba-client package is installed properly then go to the next step.
Step 2: Configure the software:
Configuring the software means changing the internal settings of the software. Internal settings
contain the default port no., default location to look up for webpages, default type of webpage to
accept etc. If there is any need to configure these settings then type the following command:
[root@localhost Desktop] # vim /etc/samba/smb.conf
Step 3: Starting the service:
Now start the service i.e. the daemon by typing following command:
[root@localhost Desktop] # systemctl start smb
The service of Samba Web Server is started.
7.7. SSH:
Introduction:
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely
over an unsecured network. The best-known example application is for remote login to
computer systems by users.
SSH provides a secure channel over an unsecured network in a client-server architecture,
connecting an SSH client application with an SSH server. Common applications include remote
command-line login and remote command execution, but any network service can be secured
with SSH. The protocol specification distinguishes between two major versions, referred to as
SSH-1 and SSH-2.
The most visible application of the protocol is for access to shell accounts on Unix-like
operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft
announced that they would include native support for SSH in a future release.
SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such
as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably
passwords, in plaintext, rendering them susceptible to interception and disclosure using packet
analysis. The encryption used by SSH is intended to provide confidentiality and integrity of
data over an unsecured network, such as the Internet, although files leaked by Edward Snowden
indicate that the National Security Agency can sometimes decrypt SSH, allowing them to read
the content of SSH sessions.
SSH uses public-key cryptography to authenticate the remote computer and allow it to
authenticate the user, if necessary. There are several ways to use SSH; one is to use
automatically generated public-private key pairs to simply encrypt a network connection, and
then use password authentication to log on.
Another is to use a manually generated public-private key pair to perform the authentication,
allowing users or programs to log in without having to specify a password. In this scenario,
anyone can produce a matching pair of different keys (public and private). The public key is
placed on all computers that must allow access to the owner of the matching private key (the
owner keeps the private key secret). While authentication is based on the private key, the key
itself is never transferred through the network during authentication. SSH only verifies whether
the same person offering the public key also owns the matching private key. In all versions of
SSH it is important to verify unknown public keys, i.e. associate the public keys with identities,
before accepting them as valid. Accepting an attacker's public key without validation will
authorize an unauthorized attacker as a valid user.
SSH is typically used to log in to a remote machine and execute commands, but it also supports
tunneling, forwarding TCP ports and X11 connections; it can transfer files using the associated
SSH file transfer (SFTP) or secure copy (SCP) protocols. SSH uses the client-server model.
The standard TCP port 22 has been assigned for contacting SSH servers. An SSH client
program is typically used for establishing connections to an SSH daemon accepting remote
connections. Both are commonly present on most modern operating systems, including Mac
OS X, most distributions of Linux, OpenBSD, FreeBSD, NetBSD, Solaris and OpenVMS.
Notably, Windows is one of the few modern desktop/server OSs that does not include SSH by
default. Proprietary, freeware and open source (e.g. PuTTY and the version of OpenSSH which
is part of Cygwin) versions of various levels of complexity and completeness exist. Native
Linux file managers (e.g. Konqueror) can use the FISH protocol to provide a split-pane GUI
with drag-and-drop. The open source Windows program WinSCP provides similar file
management (synchronization, copy, remote delete) capability using PuTTY as a back-end.
Both WinSCP and PuTTY are available packaged to run directly off a USB drive, without
requiring installation on the client machine. Setting up an SSH server in Windows typically
involves installation (e.g. via installing Cygwin).
SSH is important in cloud computing to solve connectivity problems, avoiding the security
issues of exposing a cloud-based virtual machine directly on the Internet. An SSH tunnel can
provide a secure path over the Internet, through a firewall to a virtual machine.
SSH is a protocol that can be used for many applications across many platforms including most
Unix variants (Linux, the BSDs including Apple's OS X, and Solaris), as well as Microsoft
Windows. Some of the applications below may require features that are only available or
compatible with specific SSH clients or servers. For example, using the SSH protocol to
implement a VPN is possible, but presently only with the OpenSSH server and client
implementation.
• For login to a shell on a remote host (replacing Telnet and rlogin)
• For executing a single command on a remote host (replacing rsh)
• For setting up automatic (passwordless) login to a remote server (for example, using
OpenSSH)
• Secure file transfer
• In combination with rsync to back up, copy and mirror files efficiently and securely
• For forwarding or tunneling a port (not to be confused with a VPN, which routes packets
between different networks, or bridges two broadcast domains into one).
• For using as a full-fledged encrypted VPN. Note that only the OpenSSH server and client
support this feature.
• For forwarding X from a remote host (possible through multiple intermediate hosts)
• For browsing the web through an encrypted proxy connection with SSH clients that support
the SOCKS protocol.
• For securely mounting a directory on a remote server as a filesystem on a local computer
using SSHFS.
• For automated remote monitoring and management of servers through one or more of the
mechanisms discussed above.
• For development on a mobile or embedded device that supports SSH.
Figure 7.6 The SSH Web Server
Installation:
Step 1: Install the openssh-server package:
Open the terminal. Then write the following command to install the openssh-server package.
[root@localhost Desktop] # yum install openssh-server
Once the openssh-server package is installed properly then go to the next step.
Step 2: Configure the software: Here we don’t need to edit the configuration file because
it is already configured for the network connection. The default connection
is stable as well as acceptable over any network. The connection is secure; there is no worry
of a security breach over any network.
Step 3: Starting the service: Now start the service, i.e. the daemon, by typing the following
command:
[root@localhost Desktop] # systemctl start sshd
The service of SSH Web Server is started.
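Added example, not from the original report: a small audit of the global section of an sshd_config before the service is exposed to a network. The EXPECTED policy, the sample file and the function names are assumptions made for this illustration.

```python
# Policy assumed for this example; replace with the site's own standard.
EXPECTED = {
    "passwordauthentication": {"no"},
    "permitemptypasswords": {"no"},
    "permitrootlogin": {"no", "prohibit-password"},
    "pubkeyauthentication": {"yes"},
}

# Constructed sample, not taken from a real host.
SAMPLE = """\
Port 22
PermitRootLogin yes
PasswordAuthentication no
passwordauthentication yes
# PubkeyAuthentication yes
Match User backup
    PermitEmptyPasswords yes
"""


def global_settings(config_text):
    """Return {keyword: value} for the part of sshd_config before any Match line.

    Keywords are case-insensitive and sshd keeps the first value it reads for
    a keyword, so later duplicates are ignored here as well.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break                   # what follows applies only to matching sessions
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        settings.setdefault(keyword, value)
    return settings


def audit(config_text):
    """Return [(keyword, found_value, verdict)] for every keyword in EXPECTED."""
    settings = global_settings(config_text)
    report = []
    for keyword, allowed in sorted(EXPECTED.items()):
        found = settings.get(keyword)
        if found is None:
            verdict = "unset"       # compiled-in default applies; confirm with sshd -T
        else:
            verdict = "ok" if found.lower() in allowed else "review"
        report.append((keyword, found, verdict))
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```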
7.8. Telnet:
Introduction
Telnet is an application layer protocol used on the Internet or local area networks to provide a
bidirectional interactive text-oriented communication facility using a virtual terminal
connection. User data is interspersed in-band with Telnet control information in an 8-bit byte
oriented data connection over the Transmission Control Protocol (TCP).
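Added example, not from the original report: a parser that separates the in-band control sequences from the user data in one direction of a Telnet connection. The byte string is constructed; it shows that whatever the user types, login name and password included, is carried as readable text between the control bytes.

```python
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
VERBS = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}


def split_telnet_stream(stream):
    """Split one direction of a Telnet byte stream into (data, controls)."""
    data, controls = bytearray(), []
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:                     # ordinary user data
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:
            break                                # capture ends on a lone IAC
        cmd = stream[i + 1]
        if cmd == IAC:                           # IAC IAC is a literal 0xFF
            data.append(IAC)
            i += 2
        elif cmd in VERBS:                       # IAC <verb> <option>
            if i + 2 >= n:
                break
            controls.append((VERBS[cmd], stream[i + 2]))
            i += 3
        elif cmd == SB:                          # IAC SB <option> ... IAC SE
            payload, j = bytearray(), i + 3
            while j + 1 < n and stream[j:j + 2] != bytes([IAC, SE]):
                step = 2 if stream[j:j + 2] == bytes([IAC, IAC]) else 1
                payload.append(stream[j])
                j += step
            if j + 1 >= n:
                break                            # unterminated subnegotiation
            controls.append(("SB", stream[i + 2], bytes(payload)))
            i = j + 2
        else:                                    # two-byte command (NOP, GA, ...)
            controls.append(("CMD", cmd))
            i += 2
    return bytes(data), controls


# Constructed client-to-server bytes for a login; option 24 is TERMINAL-TYPE,
# option 1 is ECHO. Not taken from a real capture.
CAPTURED = (
    bytes([IAC, WILL, 24])
    + bytes([IAC, SB, 24, 0]) + b"xterm" + bytes([IAC, SE])
    + b"alice\r\n"
    + bytes([IAC, DO, 1])
    + b"not-a-real-password\r\n"
)

if __name__ == "__main__":
    typed, negotiation = split_telnet_stream(CAPTURED)
    print(negotiation)
    print(typed)
```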
Telnet was developed in 1969 beginning with RFC 15, extended in RFC 854, and standardized
as Internet Engineering Task Force (IETF) Internet Standard STD 8, one of the first Internet
standards.
Historically, Telnet provided access to a command-line interface (usually, of an operating
system) on a remote host, including most network equipment and operating systems with a
configuration utility (including systems based on Windows NT). However, because of serious
security concerns when using Telnet over an open network such as the Internet, its use for this
purpose has waned significantly in favor of SSH.
The term telnet is also used to refer to the software that implements the client part of the
protocol. Telnet client applications are available for virtually all computer platforms. Telnet is
also used as a verb. To telnet means to establish a connection with the Telnet protocol, either
with command line client or with a programmatic interface. For example, a common directive
might be: "To change your password, telnet to the server, log in and run the passwd command."
Most often, a user will be telnetting to a Unix-like server system or a network device (such as
a router) and obtaining a login prompt to a command line text interface or a character-based
full-screen manager.
When Telnet was initially developed in 1969, most users of networked computers were in the
computer departments of academic institutions, or at large private and government research
facilities. In this environment, security was not nearly as much a concern as it became after the
bandwidth explosion of the 1990s. The rise in the number of people with access to the Internet,
and by extension the number of people attempting to hack other people's servers, made
encrypted alternatives necessary.
Experts in computer security, such as SANS Institute, recommend that the use of Telnet for
remote logins should be discontinued under all normal circumstances, for the following
reasons:
• Telnet, by default, does not encrypt any data sent over the connection (including passwords),
and so it is often feasible to eavesdrop on the communications and use the password later for
malicious purposes; anybody who has access to a router, switch, hub or gateway located on the
network between the two hosts where Telnet is being used can intercept the packets passing by
and obtain login, password and whatever else is typed with a packet analyzer.
• Most implementations of Telnet have no authentication that would ensure communication is
carried out between the two desired hosts and not intercepted in the middle.
• Several vulnerabilities have been discovered over the years in commonly used Telnet
daemons.
These security-related shortcomings have seen the usage of the Telnet protocol drop rapidly,
especially on the public Internet, in favor of the Secure Shell (SSH) protocol, first released in
1995. SSH provides much of the functionality of telnet, with the addition of strong encryption
to prevent sensitive data such as passwords from being intercepted, and public key
authentication, to ensure that the remote computer is actually who it claims to be. As has
happened with other early Internet protocols, extensions to the Telnet protocol provide
Transport Layer Security (TLS) security and Simple Authentication and Security Layer
(SASL) authentication that address the above concerns. However, most Telnet
implementations do not support these extensions; and there has been relatively little interest in
implementing these as SSH is adequate for most purposes.
It is of note that there are a large number of industrial and scientific devices which have only
Telnet available as a communication option. Some are built with only a standard RS-232 port
and use a serial server hardware appliance to provide the translation between the TCP/Telnet
data and the RS-232 serial data. In such cases, SSH is not an option unless the interface
appliance can be configured for SSH.
Figure 7.7 The Telnet Web Server
Installation:
Step 1: Install the telnet-server package:
Open the terminal. Then write the following command to install the telnet-server package.
[root@localhost Desktop] # yum install telnet-server
Once the telnet-server package is installed properly then go to the next step.
Step 2: Configure the software: Here we don’t need to edit the configuration file because
it is already configured for the network connection. The default connection
is stable as well as acceptable over any network. The connection is secure; there is no worry
of a security breach over any network.
Step 3: Starting the service:
Now start the service, i.e. the daemon, by typing the following command:
[root@localhost Desktop] # systemctl start telnet.socket
The service of Telnet Web Server is started.
7.9. The Mail Server:
Introduction
Within Internet message handling services (MHS), a message transfer agent or mail transfer
agent (MTA) or mail relay is software that transfers electronic mail messages from one
computer to another using a client–server application architecture. An MTA implements both
the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol.
The terms mail server, mail exchanger, and MX host may also refer to a computer performing
the MTA function. The Domain Name System (DNS) associates a mail server to a domain with
an MX record containing the domain name of the host(s) providing MTA services. A mail
server is a computer that serves as an electronic post office for email. Mail exchanged across
networks is passed between mail servers that run specially designed software. This software is
built around agreed-upon, standardized protocols for handling mail messages and any data files
(such as images, multimedia or documents) that might be attached to them.
A message transfer agent receives mail from either another MTA, a mail submission agent
(MSA), or a mail user agent (MUA). The transmission details are specified by the Simple Mail
Transfer Protocol (SMTP). When a recipient mailbox of a message is not hosted locally, the
message is relayed, that is, forwarded to another MTA. Every time an MTA receives an email
message, it adds a Received trace header field to the top of the header of the message,[4]
thereby building a sequential record of MTAs handling the message. The process of choosing
a target MTA for the next hop is also described in SMTP, but can usually be overridden by
configuring the MTA software with specific routes.
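Added example, not from the original report: rebuilding the path of a message from its Received trace fields, oldest hop first, and flagging hops that do not follow on from the previous one. The message is constructed; the 'from' name is whatever the sending host claimed, so a break is a prompt to look closer, not proof of forgery.

```python
import email
import re
from email.utils import mktime_tz, parsedate_tz

# Constructed message; hosts and addresses are documentation-range placeholders.
RAW = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
    by mail.example.org (Postfix) with ESMTP id 4F2A1
    for <bob@example.org>; Mon, 06 Jan 2020 10:00:05 +0000
Received: from relay.example.com (relay.example.com [198.51.100.9])
    by mx.example.net (Postfix) with ESMTP id 9C1D2;
    Mon, 06 Jan 2020 10:00:03 +0000
Received: from laptop.example.com (laptop.example.com [192.0.2.15])
    by relay.example.com (Postfix) with ESMTPSA id 1A2B3;
    Mon, 06 Jan 2020 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: constructed sample

body
"""


def trace_hops(raw_message):
    """Return the hops oldest-first as dicts with 'from', 'by' and 'time' (epoch)."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # bottom header is oldest
        text = " ".join(value.split())                   # unfold continuation lines
        info, _, stamp = text.rpartition(";")
        sender = re.search(r"\bfrom (\S+)", info)
        receiver = re.search(r"\bby (\S+)", info)
        parsed = parsedate_tz(stamp)
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "time": mktime_tz(parsed) if parsed else None,
        })
    return hops


def chain_breaks(hops):
    """Indexes of hops that do not follow on from the hop before them."""
    breaks = []
    for i in range(1, len(hops)):
        prev, cur = hops[i - 1], hops[i]
        backwards = (prev["time"] is not None and cur["time"] is not None
                     and cur["time"] < prev["time"])
        if cur["from"] != prev["by"] or backwards:
            breaks.append(i)
    return breaks


if __name__ == "__main__":
    for hop in trace_hops(RAW):
        print(hop)
```

Only the Received fields written by MTAs under your own control can be relied on; anything below them was supplied by the sending side.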
An MTA works in the background, while the user usually interacts directly with a mail user
agent. One may distinguish initial submission as first passing through an MSA – port 587 is
used for communication between an MUA and an MSA while port 25 is used for
communication between MTAs, or from an MSA to an MTA;[5] this distinction is first made
in RFC 2476. For recipients hosted locally, the final delivery of email to a recipient mailbox is
the task of a message delivery agent (MDA). For this purpose the MTA transfers the message
to the message handling service component of the message delivery agent. Upon final delivery,
the Return-Path field is added to the envelope to record the return path.
The function of an MTA is usually complemented with some means for email clients to access
stored messages. This function typically employs a different protocol. The most widely
implemented open protocols for the MUA are the Post Office Protocol (POP3) and the Internet
Message Access Protocol (IMAP), but many proprietary systems exist for retrieving messages
(e.g. Exchange, Lotus Domino/Notes). Many systems also offer a web interface for reading
and sending email that is independent of any particular MUA.
At its most basic, an MUA using POP3 downloads messages from the server mailbox onto the
local computer for display in the MUA. Messages are generally removed from the server at the
same time but most systems also allow a copy to be left behind as a backup. In contrast, an
MUA using IMAP displays messages directly from the server, although a download option for
archive purposes is usually also available. One advantage this gives IMAP is that the same
messages are visible from any computer accessing the email account, since messages aren't
routinely downloaded and deleted from the server. If set up properly, sent mail can be saved to
the server also, in contrast with POP mail, where sent messages exist only in the local MUA
and are not visible by other MUAs accessing the same account.
The IMAP protocol has features that allow uploading of mail messages and there are
implementations that can be configured to also send messages like an MTA,[6] which combine
sending a copy and storing a copy in the Sent folder in one upload operation.
The reason for using SMTP as a standalone transfer protocol is twofold:
➢ To cope with discontinuous connections. Historically, inter-network connections were
not continuously available as they are today and many readers didn't need an access
protocol, as they could access their mailbox directly (as a file) through a terminal
connection. SMTP, if configured to use backup MXes, can transparently cope with
temporary local network outages. A message can be transmitted along a variable path
by choosing the next hop from a preconfigured list of MXes with no intervention from
the originating user.
➢ Submission policies. Modern systems are designed for users to submit messages to
their local servers for policy, not technical, reasons. It was not always that way. For
example, the original Eudora email client featured direct delivery of mail to the
recipients' servers, out of necessity.
Figure 7.8 The Mail Server
Installation:
Step 1: Install the postfix package:
Open the terminal. Then write the following command to install the postfix package.
[root@localhost Desktop] # yum install postfix
Once the postfix package is installed properly then go to the next step.
Step 2: Configure the software: Configuring the software means changing the internal settings
of the software. Internal settings contain the default port number, default location to look up for
webpages, default type of webpage to accept, etc. If there is any need to configure these settings
then type the following command:
[root@localhost Desktop] # vim /etc/postfix/main.cf
By default, this configuration file is set up to send email to anyone but not to receive it. To
receive mail, we have to disable the firewall feature of Linux.
Step 3: Starting the service:
Now start the service, i.e. the daemon, by typing the following command:
[root@localhost Desktop] # systemctl start postfix
The service of Mail Server is started.
CONCLUSION
Technology staff that are new to Linux server administration need to understand that Linux
servers are different from the many Linux distributions available for workstation, or desktop
use. As with Windows server editions, Linux server editions are more powerful and are built
to serve high demands.
Linux servers include additional features for Linux server management that make it easier to
handle network administration. These management tools include advanced system
administration features and the ability to administer databases too. Your Linux server edition
is also capable of running advanced web applications and other services.
If you’re planning on acting as a Linux server administrator you need to understand the
difference between a dedicated server, and a cloud server. A dedicated server is a machine that
is fully dedicated to your application. You rent this server from a company who acts as the
owner.
Linux server management could also involve a cloud server. Here, your server could be a part
of a pool of cloud servers, sharing physical resources with other server instances. Cloud Linux
servers are typically run as virtual machines and have their benefits, including a lower
management overhead. But some server admins prefer dedicated servers.