Linux





In mid-September of 1991, a Finnish computer science student by the name of
Linus Torvalds released Linux version 0.01, the first one ever. Torvalds claimed
that he was inspired to write the Linux kernel because buying Unix or Minix
systems was too expensive, especially for a college student. One of his most
famous emails which advertised his project to other interested developers
mentioned that the kernel project would be “nothing professional” and more of a
hobby project rather than a serious attempt at creating a brand new operating
system.
Little did he know that his kernel would gain a large amount of support, and over
the years the kernel would be greatly expanded to be capable of much more than
what it originally was.

www.mazenetsolution.com





The term "open source" refers to something that can be modified because
its design is publicly accessible.
While it originated in the context of computer software development, today
the term "open source" designates a set of values—what we call the open
source way.In general, open source projects, products, or initiatives are
those that embrace and celebrate open exchange, collaborative
participation, rapid prototyping, transparency, meritocracy, and community
development.




Red Hat Linux : One of the original Linux distribution.



The commercial, nonfree version is Red Hat Enterprise Linux, which is aimed at big
companies using Linux servers and desktops in a big way.



Free version: Fedora Project.



Debian GNU/Linux : A free software distribution. Popular for use on servers. However,
Debian is not what many would consider a distribution for beginners, as it's not designed
with ease of use in mind.



SuSE Linux : SuSE was recently purchased by Novell. This distribution is primarily
available for pay because it contains many commercial programs, although there's a
stripped-down free version that you can download.



Mandrake Linux : Mandrake is perhaps strongest on the desktop. Originally based off of
Red Hat Linux.



Gentoo Linux : Gentoo is a specialty distribution meant for programmers.

◦

Linux has been used for many computing platforms
–

◦
◦

PC, PDA, Supercomputer,…

Not only character user interface but graphical user
interface is available
Commercial vendors moved in Linux itself to provide
freely distributed code. They make their money by
compiling up various software and gathering them in a
distributable format
–

Red Hat, Slackware, etc




Everything is a file. ( Including hardware )



Small, single-purpose programs.



Ability to chain programs together to perform complex tasks.



Avoid captive user interfaces.



Configuration data stored in text.








Hardware Devices :
The lower most layer is the hardware components (i.e.
physical components like your motherboard, hard disk drive, floppy
drive, memory, etc…)
Kernel :
When your system is booted, the Linux kernel will be
loaded into the memory of your system and after that the kernel will
control the entire operating system.
Shell :
Shell is an interpreter through which a user can interact
with kernel.
Shell is program or command.
An application program may be a image editor, word
processor, music player, Games, and etc…..


man(manual) pages:
#man <command> - shows all information about the command
#<command> --help - shows the available options
for that command
File Handling commands:
• mkdir – make directories
Usage: mkdir [OPTION] DIRECTORY...
eg. mkdir prabhat
• ls – list directory contents
Usage: ls [OPTION]... [FILE]...
eg. ls, ls -l, ls prabhat
• cd – changes directories
Usage: cd [DIRECTORY]
eg. cd prabhat

• rm - remove files or directories
Usage: rm [OPTION]... FILE...
eg. rm file1.txt , rm -rf some_dir
• find – search for files in a directory hierarchy
Usage: find [OPTION] [path] [pattern]
eg. find file1.txt, find -name file1.txt
• history – prints recently used commands
Usage: history
• pwd - print name of current working directory
Usage: pwd
• vim – Vi Improved, a programmers text editor
Usage: vim [OPTION] [file]...
eg. vim file1.txt


• cp – copy files and directories
Usage: cp [OPTION]... SOURCE DEST
eg. cp sample.txt sample_copy.txt
cp sample_copy.txt target_dir
• mv – move (rename) files
Usage: mv [OPTION]... SOURCE DEST
eg. mv source.txt target_dir
mv old.txt new.txt
Text Processing:
• cat – concatenate files and print on the standard output
Usage: cat [OPTION] [FILE]...
eg. cat file1.txt file2.txt
cat -n file1.txt


• echo – display a line of text
Usage: echo [OPTION] [string] ...
eg. echo I love India
echo $HOME
• grep - print lines matching a pattern
Usage: grep [OPTION] PATTERN [FILE]...
eg. grep -i apple sample.txt
• wc - print the number of newlines, words, and bytes in files
Usage: wc [OPTION]... [FILE]...
eg. wc file1.txt
wc -L file1.txt
• sort – sort lines of text files
Usage: sort [OPTION]... [FILE]...
eg. sort file1.txt
sort -r file1.txt


Red Hat 6 RHEL Installation:
Standard installation:
1. Select Install or upgrade an existing system option on Grub Menu
2. Choose a language
3. Choose a keyboard type
4. Choose a installation media
5. Skip DVD media test (or select media test, if you want to test installation
media before installation)
6. Red Hat 6 graphical installer starts, select next
7. Accepct Pre-Release Installation
8. Select storage devices
9. Insert computer name
10. Select time zone
11. Enter a password for root user
12. Select type of installation


13. Review partition layout
14. Accept write changes to disc
15. Writing changes (creating partitions) to disc
16. Configure boot loader options
17. Select softwares to install and enable repositories
18. Customize package selection
19. Checking dependencies for installation
20. Starting installation process
21. Installing packages
22. Installation is complete
23. Selecting RHEL 6 from grub
24. Booting Red Hat 6
25. Red Hat 6 Welcome screen
26. Create normal user
27. Setup date and time and keep up-to-date with NTP
28. Login Red Hat 6 Gnome Desktop
29. Red Hat (RHEL) 6 Gnome Desktop, empty and default look


Kickstart Installations:
 What are Kickstart Installations?
 Many system administrators would prefer to use an automated installation method to install
Red Hat Enterprise Linux on their machines. To answer this need, Red Hat created the
kickstart installation method. Using kickstart, a system administrator can create a single file
containing the answers to all the questions that would normally be asked during a typical
installation.
 Kickstart files can be kept on a single server system and read by individual computers during
the installation. This installation method can support the use of a single kickstart file to install
Red Hat Enterprise Linux on multiple machines, making it ideal for network and system
administrators.
 Kickstart provides a way for users to automate a Red Hat Enterprise Linux installation.
How Do You Perform a Kickstart Installation?
 Kickstart installations can be performed using a local CD-ROM, a local hard drive, or via
NFS, FTP, or HTTP.
 To use kickstart, you must:
 Create a kickstart file.
 Create a boot media with the kickstart file or make the kickstart file available on the network.
 Make the installation tree available.
 Start the kickstart installation.


RHEL Boot process:
The following are the 6 high level stages of a typical Linux boot process.


1. BIOS
BIOS loads and executes the MBR boot loader.
2. MBR
MBR loads and executes the GRUB boot loader.
3. GRUB
GRUB just loads and executes Kernel and initrd images.
4. Kernel
Mounts the root file system as specified in the “root=” in grub.conf
Kernel executes the /sbin/init program
initrd is used by kernel as temporary root file system until kernel is booted and the
real root file system is mounted. It also contains necessary drivers compiled inside,
which helps it to access the hard drive partitions, and other hardware.


5. Init
Looks at the /etc/inittab file to decide the Linux run level.
Following are the available run levels
◦ 0 – halt
◦ 1 – Single user mode
◦ 2 – Multiuser, without NFS
◦ 3 – Full multiuser mode
◦ 4 – unused
◦ 5 – X11
◦ 6 – reboot
Init identifies the default initlevel from /etc/inittab and uses that to load all
appropriate program.
6. Runlevel programs
When the Linux system is booting up, you might see various services getting
started. For example, it might say “starting sendmail …. OK”. Those are the
runlevel programs, executed from the run level directory as defined by your run
level.


1.Boot the system and when you see the following message "Press any key to
enter the menu",press any key. (You will see the list of available kernel
versions.)
2. Press e in order to edit commands before booting.
3. Highlight the list item with vmlinuz in it by using the arrow keys and press e.
4. Now type single or init 1 at the end of the line.
5. Then press enter and b to boot the system with the new argument. (The system
will boot into single user mode and you will see bash prompt)
Now it's time to change the password:
6. Type passwd
7. Type reboot to restart the system.


Encrypt the grub password using grub-crypt
# grub-crypt
Password: GrbPwd4SysAd$
Retype password: GrbPwd4SysAd$
^9^32kwzzX./3WISQ0C
Copy the ciphertext and Modify the grub.conf file
password --encrypted ^9^32kwzzX./3WISQ0C
Save the file and restart to check


GNOME is a desktop environment and graphical user interface that runs on top of a
computer operating system. It is composed entirely of free and open source
software and is developed by both volunteers and paid contributors, the largest
corporate contributor being Red Hat. It is an international project that includes
creating software development frameworks, selecting application software for the
desktop, and working on the programs that manage application launching, file
handling, and window and task management.


Network Configuration Files
 Before delving into the interface configuration files, let us first itemize the primary
configuration files used in network configuration. Understanding the role these
files play in setting up the network stack can be helpful when customizing a Red
Hat Enterprise Linux system.


The primary network configuration files are as follows:
/etc/hosts
The main purpose of this file is to resolve hostnames that cannot be resolved any
other way. It can also be used to resolve hostnames on small networks with no
DNS server. Regardless of the type of network the computer is on, this file should
contain a line specifying the IP address of the loopback device (127.0.0.1)
as localhost.localdomain.




/etc/resolv.conf
This file specifies the IP addresses of DNS servers and the search domain. Unless
configured to do otherwise, the network initialization scripts populate this file.



/etc/sysconfig/network
This file specifies routing and host information for all network interfaces.



/etc/sysconfig/network-scripts/ifcfg-<interface-name>
For each network interface, there is a corresponding interface configuration script.
Each of these files provide information specific to a particular network interface.



To list or display more information about network interface type command:
# ifconfig | less



To assign an IP address type following command:
# ifconfig eth0 192.168.1.1 up




To take down network interface type following command:
# ifconfig eth0 down



You can also type command setup and select network configuration from menu:
# setup



If you wish to configure network interface manually then you need to edit files
stored in /etc/sysconfig/network-scripts/ directory. For example here is my
sample /etc/sysconfig/network-scripts/ifcfg-eth0 file for eth0 network interface:
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
HWADDR=00:0F:EA:91:04:07
IPADDR=192.168.1.111
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
TYPE=Ethernet


RPM:
The RPM Package Manager (RPM) is a powerful command line driven package
management system capable of installing, uninstalling, verifying, querying, and
updating computer software packages. Each software package consists of an
archive of files along with information about the package like its version, a
description, and the like. There is also a library API, permitting advanced
developers to manage such transactions from programming languages such as
C or Python.







There are five basic modes for RPM command
Install : It is used to install any RPM package.
Remove : It is used to erase, remove or un-install any RPM package.
Upgrade : It is used to update the existing RPM package.
Verify : It is used to query about different RPM packages.
Query : It is used for the verification of any RPM package.


Check an RPM Signature Package
# rpm --checksig pidgin-2.7.9-5.el6.2.i686.rpm
Install an RPM Package
#rpm -ivh pidgin-2.7.9-5.el6.2.i686.rpm
check dependencies of RPM Package before Installing
# rpm -qpR BitTorrent-5.2.2-1-Python2.4.noarch.rpm




-q : Query a package
-p : List capabilities this package provides.
-R: List capabilities on which this package depends..

Install a RPM Package Without Dependencies
#rpm -ivh --nodeps BitTorrent-5.2.2-1-Python2.4.noarch.rpm


Remove a RPM Package
# rpm -e nx
Upgrade a RPM Package
# rpm -Uvh nx-3.5.0-2.el6.centos.i686.rpm
List All Installed RPM Packages
# rpm –qa
Query a Information of Installed RPM Package
# rpm -qi vsftpd
Verify a RPM Package
# rpm -Vp sqlbuddy-1.3.3-1.noarch.rpm


Yum or Yellow dog Update, Modified is a package manager that was developed by
Duke University to improve the installation of RPMs.
Yum searches numerous repositories for packages and their dependencies so they
may be installed together in an effort to alleviate dependency issues. Red Hat
Enterprise Linux 5 uses Yum to fetch packages and install RPMs.
Yum uses a configuration file at /etc/yum.conf.
1) Install a package:
yum install package
2) Remove a package:
yum remove package
3) Update a package:
yum update package


4) Search for a package:
yum search package
5) Find information about a package:
yum info package
6) List packages containing a certain term:
yum list term
7) Find what package provides a particular file:
yum whatprovides 'path/filename'
8) Update all installed packages with kernel package :
yum update
9) To update a specific package:
yum update <package-name>




The RHN Package Manager is a command line tool that allows an organization to
serve local packages associated with a private RHN channel through the RHN
Proxy Server. If you want the RHN Proxy Server to update only official Red Hat
packages, do not install the RHN Package Manager.



To use the RHN Package Manager, install the rhns-proxy-packagemanager package and its dependencies.



Only the header information for packages is uploaded to the RHN Servers. The
headers are required so that RHN can resolve package dependencies for the client
systems. The actual package files (*.rpm) are stored on the RHN Proxy Server.



The RHN Package Manager uses the same settings as the Proxy, defined in
the /etc/rhn/rhn.conf configuration file.


Kernel
A kernel is the lowest level of easily replaceable software that interfaces with the
hardware in your computer. It is responsible for interfacing all of your applications
that are running in “user mode” down to the physical hardware, and allowing
processes, known as servers, to get information from each other using inter-process
communication (IPC).
Monolithic Kernel
Monolithic kernels are the opposite of microkernels because they encompass not
only the CPU, memory, and IPC, but they also include things like device drivers,
file system management, and system server calls. Monolithic kernels tend to be
better at accessing hardware and multitasking because if a program needs to get
information from memory or another process running it has a more direct line to
access it and doesn’t have to wait in a queue to get things done. This however can
cause problems because the more things that run in supervisor mode, the more
things that can bring down your system if one doesn’t behave properly.


Kernel Module
Modules are pieces of code that can be loaded and unloaded into the kernel upon
demand. They extend the functionality of the kernel without the need to reboot the
system. For example, one type of module is the device driver, which allows the
kernel to access hardware connected to the system. Without modules, we would
have to build monolithic kernels and add new functionality directly into the kernel
image. Besides having larger kernels, this has the disadvantage of requiring us to
rebuild and reboot the kernel every time we want new functionality.
The kernel configuration file
The kernel configuration file of Debian Official kernel are available in /boot, named
after the kernel release, like /boot/config-2.6.18-6-486, or/boot/config-$(uname -r).
The proc File System
 The Linux kernel has two primary functions: to control access to physical devices
on the computer and to schedule when and how processes interact with these
devices. The /proc/ directory — also called the proc file system — contains a
hierarchy of special files which represent the current state of the kernel — allowing
applications and users to peer into the kernel's view of the system.




Within the /proc/ directory, one can find a wealth of information detailing the
system hardware and any processes currently running. In addition, some of the files
within the /proc/ directory tree can be manipulated by users and applications to
communicate configuration changes to the kernel.

sysctl : Persistent Kernel Configuration
 sysctl adds persistence to /proc/sys settings
 Statements added to /etc/sysctl.conf automatically reflected under /proc after a
reboot.
 Configuration maintained or monitored using the sysctl command:
 List all current settings: sysctl -a
 Reload settings from sysctl.conf: sysctl -p
 Set a /proc value dynamically: sysctl -w net.ipv4.ip_forward=1


GNOME System Monitor:
Unlike bandwidth, monitoring CPU utilization is much more straightforward. From
a single percentage of CPU utilization in GNOME System Monitor, to the more
in-depth statistics reported by sar, it is possible to accurately determine how much
CPU power is being consumed and by what.


top :
top is the first resource monitoring tool
While free displays only memory-related information, the top command
does a little bit of everything. CPU utilization, process statistics, memory
utilization -- top monitors it all. In addition, unlike the free command, top's
default behavior is to run continuously; there is no need to use
the watch command. Here is a sample display:


/proc/meminfo
The /proc/meminfo file stores statistics about memory usage on the Linux based
system. The same file is used by free and other utilities to report the amount of free
and used memory (both physical and swap) on the system as well as the shared
memory and buffers used by the kernel.
#cat /proc/meminfo
free command
To display free memory size in MB (megabytes):
#free –m
vmstat command
vmstat reports information about processes, memory, paging, block IO, traps, and cpu
activity.
#vmstat


Identify and Terminate Processes:
ps Command
The ps command allows you to display information about running processes. It
produces a static list, that is, a snapshot of what is running when you execute the
command. If you want a constantly updated list of running processes, use
the top command or the System Monitor application instead.
#ps ax -To display the owner alongside each process
#ps aux -ps aux displays the effective username of the process owner
(USER), the percentage of the CPU (%CPU) and memory
(%MEM) usage, the virtual memory size in kilobytes (VSZ), the
non-swapped physical memory size in kilobytes (RSS), and the
time or date the process was started.
What is a PID?
A Linux or Unix process is running instance of a program. For example, Firefox is
a running process if you are browsing the Internet. Each time you start Firefox
browser, the system is automatically assigned a unique process identification
number (PID). A PID is automatically assigned to each process when it is created
on the system.
#pidof httpd


Kill Command
Use the kill command to send a signal to each process specified by a pid (process
identifier). The default signal is SIGTERM (terminate the process).
#kill PID
#kill -s signalName PID
#kill -9 PID

Number

Name

Description

Used for

0

SIGNULL

Null

Check access to pid

1

SIGHUP

Hangup

Terminate; can be trapped

2

SIGINT

Interrupt


3

SIGQUIT

Quit

Terminate with core dump;
can be

9

SIGKILL

Kill

Forced termination; cannot be
trapped

15

SIGTERM

Terminate


24

SIGSTOP

Stop

Pause the process; cannot be
trapped

25

SIGTSTP

Terminal

stop Pause the process; can
be

26

SIGCONT

Continue

Run a stopped process

Nice command:
Run Process With Modified Scheduling Priority
#nice +n command
Renice command:
Change the Priority of a Already Running Process
#renice {priority} pid
The following will change nice value of process 2243 to 19, enter:
# renice 19 2243


cron is a Linux system process that will execute a program at a preset time. To
use cron you must prepare a text file that describes the program that you want
executed and the times that cron should execute them. Then you use
the crontab program to load the text file that describes the cron jobs into cron.
Global configuration file
/etc/crontab
To view the current state of a crontab you need to specify the -loption. You can view
another users crontab by specifying -u username
#user$ crontab -l [-u username]
To edit the state of a crontab you need to use the -e flag:
#user$ crontab -e [-u username]
30 12 * * * echo "hello world!"


The ssh command is a secure replacement for the rlogin, rsh, and telnet commands. It
allows you to log in to a remote machine as well as execute commands on a remote
machine.
To log in to a remote machine named india.example.net
#ssh india.example.net
specify a different username
#ssh username@india.example.net
If you want to execute the commandls /usr/share/doc on the remote machine
india.example.net
#ssh penguin.example.net ls /usr/share/doc


Rsync (Remote Sync) is a most commonly used command
for copying and synchronizingfiles and directories remotely as well
as locally in Linux/Unix systems. With the help of rsynccommand you can copy
and synchronize your data remotely and locally across directories, across disks and
networks, perform data backups and mirroring between two Linux machines.
# rsync options source destination
VNC
VNC is a technology for remote desktop sharing. VNC enables the desktop display
of one computer to be remotely viewed and controlled over a network connection.
This technology is useful on home computers, allowing someone to access their
desktops from another part of the house or while traveling. It is also useful for
network administrators in business environments.


When your systems are running smoothly, take some time to learn and understand
the content of various log files, which will help you when there is a crisis and you
have to look though the log files to identify the issue.
/etc/rsyslog.conf controls what goes inside some of the log files. For example,
following is the entry in rsyslog.conf for /var/log/messages.
# grep "/var/log/messages" /etc/rsyslog.conf
*.info;mail.none;authpriv.none;cron.none /var/log/messages
/var/log/messages – Contains global system messages, including the messages that
are logged during system startup. There are several things that are logged in
/var/log/messages including mail, cron, daemon, kern, auth, etc.


logrotate is designed to ease administration of systems that generate large
numbers of log files. It allows automatic rotation, compression, removal,
and mailing of log files. Each log file may be handled daily, weekly,
monthly, or when it grows too large.
#logrotate /etc/logrotate.conf
The configuration file for log rotation begins with a number global directives
that control how log rotation is applied globally. Most configuration of log
rotation does not occur in the /etc/logrotate.conf file, but rather in files
located in the /etc/logrotate.d directory. Every daemon process or log file
will have its own file for configuration in this directory


A network file system is a network abstraction over a file system that
allows a remote client to access it over a network in a similar way to a
local file system. Although not the first such system, NFS has grown and
evolved into the most powerful and widely used network file system in
UNIX®. NFS permits sharing of a common file system among a multitude
of users and provides the benefit of centralizing data to minimize needed
storage.


Install NFS in Server system
# yum install nfs* -y
Create shared directories in server
 Create a shared directory named ‘/var/unixmen_share’ in server and let the client
users to read and write files in that directory.
 # mkdir /var/unixmen_share
 # chmod 755 /var/unixmen_share/
Export shared directory on NFS Server
 Open /etc/exports file and add the entry as shown below
 # vi /etc/exports /var/unixmen_share/
192.168.1.0/24(rw,sync,no_root_squash,no_all_squash)
Restart the services
In client machice to mount the directory
mount -t nfs 192.168.1.250:/var/unixmen_share/ /var/nfs_share/


Samba is an Open Source/Free Software suite that has, since 1992,
provided file and print services to all manner of SMB/CIFS clients,
including the numerous versions of Microsoft Windows operating systems.
Samba is freely available under the GNU General Public License.
Installing Samba on an RHEL 6 System
Configuring the smb.conf File
workgroup = workgroup
[tmp] path = /tmp
writeable = yes
browseable = yes
valid users = demo
Creating a Samba User
Starting samba services


The primary configuration file for the automounter is /etc/auto.master, The
master map lists autofs-controlled mount points on the system, and their
corresponding configuration files or network sources known as automount
maps
configuration file
/etc/auto.master file
/etc/auto.misc
Start the services






File Transfer Protocol (FTP) is one of the oldest and most commonly used
protocols found on the Internet today. Its purpose is to reliably transfer
files between computer hosts on a network without requiring the user to
log directly into the remote host or have knowledge of how to use the
remote system. It allows users to access files on remote systems using a
standard set of simple commands.
The Very Secure FTP Daemon (vsftpd) is designed from the ground up to
be fast, stable, and, most importantly, secure. Its ability to handle large
numbers of connections efficiently and securely is why vsftpd is the only
stand-alone FTP distributed with Red Hat Enterprise Linux.

Install FTP
/etc/vsftpd/vsftpd.conf edit the configuration file
/var/ftp/pub
share the file through the default document root
Start the services




Partitioning a hard drive allows one to logically divide the available space
into sections that can be accessed independently of one another.

An entire hard drive may be allocated to a single partition, or one may
divide the available storage space across multiple partitions. A number of
scenarios require creation multiple partitions: dual- or multi-booting, for
example, or maintaining a swap partition. In other cases, partitioning is
used as a means of logically separating data, such as creating separate
partitions for audio and video files
Three types of partitions
Primary Partitions


Extended partition
Logical Partitions


Finding the New Hard Drive in RHEL 6
# ls /dev/sd*
/dev/sda /dev/sda1 /dev/sda2
Creating Linux Partitions using fdisk
# fdisk /dev/sda
After creating , alter the partition table
Using mkfs command make filesystem for the created partition
Mount,umount – using this command mount and unmount the partition temporarily
permanent mount configuration file /etc/fstab




Computer systems have a finite amount of physical memory that is made available
to the operating system. When the operating system begins to approach the limit of
the available memory it frees up space by writing memory pages to disk. When any
of those pages are required by the operating system they are subsequently read
back into memory. The area of the disk allocated for this task is referred to as swap
space.



The current amount of swap used by an RHEL 6 system may be identified in a
number of ways. One option is to cat the /proc/swaps file



Create a normal partition and change to swap pratition using
#mkswap



Permanently mount in /etc/fstab file then
#swapon -a


Purpose of Users in Linux
- Security
- Own work space
- Processes belonging to users
/etc/passwd -This file contains the users account info
/etc/shadow -If the shadow password system is installed, this file contains the
encrypted passwords
for each user and their expiry parameters.
/etc/group -It stores group information or defines the user groups i.e. it defines the
groups to which users belong
/etc/gshadow-/etc/gshadow contains the shadowed information for group accounts


















To create a user
◦ #useradd user_name
To define a password for the user:
◦ #passwd user_name
Create a user with specific UID:
◦ #useradd -u 802 user_name
To create a group
◦ #groupadd group_name
To delete a group
#groupdel group_name
To modify user
◦ #Usermod username
To modify group
◦ #Groupmod groupnamre
To delete a user
◦ #userdel user_name


Identities
u — the user who owns the file (that is, the owner)
g — the group to which the user belongs
o — others (not the owner or the owner's group)
a — everyone or all (u, g, and o)
Permissions
r — read access
w — write access
x — execute access

eg.chmod a-rwx foo.txt

Actions
+ — adds the permission
- — removes the permission
= — makes it the only permission


r =4
w =2
x =1
#chmod 664 foo.txt
Special permissions in Linux (SUID, SGID, Sticky Bit)
SUID (Set User ID) => When a SUID bit is set on a command then that command
always executes with the User ID of its own user owner (who created it) instead of
the user who is executing it.
#chmod u+s "/path/to/command/binary"


SGID (Set Group ID)(on command binary) => When SGID permission is set on
any command, then that command runs with the Group ID of group owner of the
command's binary instead of GID of the user who is executing it. To set SGID on a
program, run:
#chmod g+s "/path/to/command/binary“

Sticky Bit => The new files created under the directory having Sticky Bit on it can be
only deleted by root or the user who created that file. No other user can delete that
file even if they have write permission on the parent directory.
EXAMPLE: /tmp directory is having Sticky Bit permission on it, that is why the
content under this can be only deleted by root or the user owner of the content/file.
To set Sticky Bit on a directory, run:
#chmod o+t /path/to/directory


When user create a file or directory under Linux or UNIX, she create it with a default
set of permissions. In most case the system defaults may be open or relaxed for file
sharing purpose. For example, if a text file has 666 permissions, it grants read and
write permission to everyone. Similarly a directory with 777 permissions, grants
read, write, and execute permission to everyone.
You can setup umask in /etc/bashrc or /etc/profile file for all users. By default most
Linux distro set it to 0022 (022) or 0002 (002). Open /etc/profile or ~/.bashrc file
#umask 022
Calculating The Final Permission For FILES
 File base permissions : 666
 umask value : 022
 subtract to get permissions of new file (666-022) : 644 (rw-r--r--)
Calculating The Final Permission For DIRECTORIES
 Directory base permissions : 777
 umask value : 022
 Subtract to get permissions of new directory (777-022) : 755 (rwxr-xr-x)







Files and directories have permission sets for the owner of the file, the group
associated with the file, and all other users for the system. However, these
permission sets have limitations. For example, different permissions cannot be
configured for different users. Thus, Access Control Lists (ACLs) were
implemented.
The Red Hat Enterprise Linux kernel provides ACL support for the ext3 file
system and NFS-exported file systems. ACLs are also recognized on ext3 file
systems accessed via Samba.
Along with support in the kernel, the acl package is required to implement ACLs. It
contains the utilities used to add, modify, remove, and retrieve ACL information.
# setfacl -m u:mark:rwx /etc/fstab
where as rwx is the permission given to the user mark to the file /etc/fstab.
# getfacl /etc
This will give the information about the permissions given to the file .
# setfacl -X g:facebook:--- /etc
This will remove the permission given to the group face-book to /etc.
-x to remove.

The Linux “tar” stands for tape archive, which is used by large number
of Linux/Unix system administrators to deal with tape drives backup. The tar
command used to rip a collection of files and directories into highly compressed
archive file commonly called tarball or tar, gzip andbzip in Linux. The tar is
most widely used command to create compressed archive files and that can be
moved easily from one disk to anther disk or machine to machine.
Create tar Archive File
# tar -cvf tecmint-14-09-12.tar /home/tecmint/
Create tar.gz Archive File
# tar cvzf MyImages-14-09-12.tar.gz /home/MyImages
Create tar.bz2 Archive File
# tar cvfj Phpfiles-org.tar.bz2 /home/php
Untar tar Archive File
# tar -xvf public_html-14-09-12.tar





LVM stands for Logical Volume Manager.
With LVM, we can create logical partitions that can span across one or more
physical hard drives. First, the hard drives are divided into physical volumes, then
those physical volumes are combined together to create the volume group and
finally the logical volumes are created from volume group.

Use fdisk command to create and manage partions.
Create Physical Volumes
#pvcreate /dev/sdb1
To verify the newly created physical volumes use the command pvdisplay.
Create Volume Groups
#vgcreate vg1 /dev/sdb1
To verify the volume group has been created or not use the command vgdisplay.


Create Logical Volume
#lvcreate -L 200M vg1 -n lv1
Verify the logical volume is created or not using command lvdisplay.
Format and Mount the logical volume
Now format the newly created logical volume and mount it in the /mnt directory or
wherever you want.
#mkfs.ext4 /dev/vg1/lv1
#mount /dev/vg1/lv1 /mnt/
Extend Volume Group Size
#Vgextend vg1 /dev/sdb1
Resize the logical vloume lv1
lvresize -L +100M /dev/vg1/lv1
Resize the filesystem of logical volume lv1
resize2fs /dev/vg1/lv1


Remove Logical Volume
Come out of the /mnt mount point, unmount the logical volume lv1 and
remove it using commandlvremove.
#umount /mnt/
# lvremove /dev/vg1/lv1
Remove Volume Group
#vgremove /dev/vg1
Remove Physical Volume
#pvremove /dev/sdb1


What Is SELinux?
SELinux is an acronym for Security-enhanced Linux. It is a security feature of the
Linux kernel. It is designed to protect the server against misconfigurations and/or
compromised daemons. It put limits and instructs server daemons or programs what
files they can access and what actions they can take by defining a security policy
Setting of SELinux
SELinux is set in three modes.
Enforcing - SELinux security policy is enforced. IF this is set SELinux is enabled
and will try to enforce the SELinux policies strictly
Permissive – SELinux prints warnings instead of enforcing. This setting will just give
warning when any SELinux policy setting is breached
Disabled – No SELinux policy is loaded. This will totally disable SELinux policies.


And SELinux is set in two levels
Targeted – Targeted processes are protected,
Mls - Multi Level Security protection.
Get SELinux Status
Example1:Is SELinux enabled or not on your box? use below command to get the
status.
#getenforce
The output will be either “Enabled” or “Disabled”
Example2: To see SELinux status in simplified way you can use sestatus
#sestatus
Sample output:
SElinux status : enabled
SELinux mount : /selinux
Current mode : enforcing
Mode from config file : enforcing
Policy version : 21
Policy from config file : targeted


Example3:To get elobrated info on difference status of SELinux on different services
use -b option along sestatus
#sestatus -b
Sample output:
# sestatus -b
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
Policy booleans:
abrt_anon_write off
allow_console_login on
allow_corosync_rw_tmpfs off
allow_cvs_read_shadow off
allow_daemons_dump_core on
allow_daemons_use_tty on
allow_domain_fd_use on


We can do it in two ways
1)Permanent way : edit /etc/selinux/config
change the status of SELINUX from enforcing to disabled
SELINUX=enforcing
to
SELINUX=disabled
Save the file and exit.
2)Temporary way : Execute below command
echo 0 > /selinux/enforce
or
setenforce 0


iptables is an application used to configure tables provided by
the Linux kernel firewall. The application is run by system administrators and must
be run with elevated privileges. It must also be executed by user root or it will not
function. Typically the iptables application is installed in /usr/sbin/iptables, but
may also be installed in /sbin/iptables. Documentation on the installation can be
found in the man page, opened by executing the command "man iptables".









iptables contains five tables, which are areas where a chain of rules can apply:
raw filters packets before any of the other table. It is used mainly for configuring
exemptions from connection tracking in combination with the NOTRACK target.
filter is the default table (if no -t option is passed).
nat is used for network address translation (e.g. port forwarding). Because of
limitations in iptables, filtering should not be done here.
mangle is used for specialized packet alteration (see Mangles packet).
security is used for Mandatory Access Control networking rules.


Chains
Tables contain chains, which are lists of rules for packets that are followed in order.
The default table filter contains three built-in
chains: INPUT, OUTPUT and FORWARD.
Inbound traffic addressed to the machine itself hits the INPUT chain.
Outbound, locally-generated traffic hits the OUTPUT chain.
Routed traffic which should not be delivered locally hits the FORWARD chain.
See man 8 iptables for a description of built-in chains in other tables.
User-defined chains can be added to make rulesets more efficient.
Built-in chains have a default target, which is used if no rules are hit. Neither built-in
nor user-defined chains can be a default target.
Rules
The packet filtering is based on rules, which are specified by
multiple matches (conditions the packet must satisfy so that the rule can be
applied), and one target (action taken when the packet matches all condition).
While individual conditions are usually very simple, the full rule specification can
be very complex.


Targets are specified using the -j or --jump option. Targets can be either user-defined
chains, one of the special built-in targets, or a target extension. Built-in targets
are ACCEPT, DROP, QUEUE and RETURN, target extensions are for
example REJECT and LOG. If the target is a built-in target, the fate of the packet
is decided immediately and processing of the packet in current table is stopped. If
the target is a user-defined chain and the packet passes successfully through this
second chain, it will move to the next rule in the original chain. Target extensions
can be either terminating (as built-in targets) or non-terminating (as user-defined
chains), see man 8 iptables-extensions for details.
Showing the current rules
You can check the current ruleset and the number of hits per rule by using the
command:
# iptables -nvLChain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target
prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0
bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy
ACCEPT 0K packets, 0 bytes) pkts bytes target prot opt in out source destination


Editing rules
Rules can be added either by appending a rule to a chain or inserting them at a
specific position on the chain. We will explore both methods here.
First of all, our computer is not a router (unless, of course, it is a router). We want to
change the default policy on the FORWARD chain from ACCEPT to DROP.
# iptables -P FORWARD DROP











Configuration file
Iptables rules are by default stored in /etc/iptables/iptables.rules. This file is read
by iptables.service:
# systemctl enable iptables.service # systemctl start iptables.service Iptables rules
for ipv6 are by default stored in /etc/iptables/ip6tables.rules, this file is read
by ip6tables.service. You can start it the same way as above.
After adding rules via command-line, the configuration file is not changed
automatically - you have to save it manually:
# iptables-save > /etc/iptables/iptables.rules If you edit the configuration file
manually, you have to reload it:
# systemctl reload iptables










Xen is an open source virtual machine monitor for x86-compatible computers.
XenSource Inc. and Virtual Iron Software Inc. promoted Xen as the primary open
source competitor to commercial virtualization products such as VMWare.
Xen makes it possible for multiple guest operating systems to run on a single
computer by using a software layer called a hypervisor to mediate access to the real
hardware. The hypervisor acts like a traffic cop, directing hardware access and
coordinating requests from the guest operating systems.
Red Hat Inc. includes the Xen hypervisor as part of Red Hat Enterprise Linux
(RHEL) software, describing this combination as "integrated virtualization." Sun
Microsystems provides support for Xen virtualization on Solaris 10, its version of
the Unix operating system. Other mainstream Linux distributions,
including Debian and SuSE, have the necessary kernel extensions available to
serve as the base OS for Xen.
Xen, which was released under the GNU General Public License, was originally a
research project at the University of Cambridge. XenSource, Inc., a company that
supported the development of the open source project and enterprise applications
of the software, was acquired by Citrix Systems in October 2007.


Linux

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Linux

Similar to Linux (20)

Recently uploaded

Recently uploaded (20)

Linux