KERNEL

TECH
(Skilled with Excellence)

LINUX
Reference Guide
With Lab Exercises

Student Name:

Batch:
Branch:

AMEERPET

Page 1 of 274
UNIX Basics

www. kermeltech. com

Page 2 of 274
UNIX Basics

www.kerrneltech.com

0^

Compiled bv

Mr. Musabuddin Syed

Sr. UNIX Admin
And

Linux Faculty

Kernel Technologies

Supervised and Scrutinized bv

Mr. Vinod Kumar (Rahul)

IT Architect
And

Principal consultant System & Storage

Faculty for UNIX Admin, Storage Admin andVMWARE
Kernel Technologies

Page 3 of 274
UNIX Basics

www.kerrneltech.com

Page 4 of 274
UNIX Basics

www.kerrneltech.com

Words from the compiler

Iwould like to thank Mr.Vinod Kumar(Rahul) and Ms. Jyoti Singh (MD Kernel Tech),
for giving me the opportunity to compile this book on Linux.

I would especially like to thank my Mentor Mr. Vinod Kumar (Rahul) for all his support,
guidance, supervision and patience in making of this book, without whom this could
never have been possible.

I would also like to thanks the entire dedicated Team of Kernel Technologies for their
support and suggestions in making of this book

Musabuddin Syed
Words To The Students

Though we have taken utmost efforts to present you this book error free, but still it may
contain some errors or mistakes. Students are encouraged to bring, if there are any
mistakes or errors in this document to our notice. So that it may be rectified in the next
edition of this document.

This document provides the brief information on every topic and lab practices. The
students are advice to make full use of the lab sessions, taking help of the Lab Assistants
available. Please, feel free to ask your doubts to our faculties.

"Suppressing your doubts is Hindering your growth".

We urge you to work hard and make use of the facilities we are providing to you,
because there is no substitute for hard work. We wish you all the best for your future.
"God gives every bird its food, but He does not throw it into its nest" J.G. Holland

You and yoursuggestions are valuable to us; Help us to serve you better. In case of any
suggestions, grievance, or complaints, please feels free to see our MD Ms. Jyoti Singh,
You can also write us yoursuggestions, grievance and feedback on the following
[email protected]
Jvoti(5)kerrneltech.com
musab(5) kerrneltech.com

Page 5 of 274
UNIX Basics

www. kerrneltech. com

Page 6 of 274
UNIX Basics

www.kerrneltech.com

v/lNTRODUCTION TO LINUX

09-15

s/RHEL 6 BASIC GRAPHICAL INSTALLATION

16-33

v^BASIC COMMANDS

34-55

^managing file systems and partitions

56-74

/llogical volume management (lvm)

75-93

v^user and group administration

94-113

^network configuration and troubleshooting

114-124

^managing selinux (basics of selinux)

125-133

Footing procedure and kernel parameters

134-150

y-JOB AUTOMATION

151-158

ADMINISTRATING REMOTE SYSTEM

159-168

ENHANCED USER SECURITY WITH SUDO

169-176

^SOFTWARE MANAGEMENT

177-194

v^BACKUP AND RESTORE USING TAR AND GZIP

195-197

^MANAGE INSTALLED SERVICES

198-200

y MANAGING PROCESSES

201-210

FTP (FILE TRANSFER PROTOCOL) SERVER

211-223

NFS (NETWORK FILE SYSTEM) SERVER

224-231

SAMBA SERVER

232-239

DNS (DOMAIN NAME SYSTEM) SERVER

240-250

WEB SERVER (APACHE)

251-260

KICKSTART AND NETWORK INSTALLATIONS

261-274

Page 7 of 274
UNIX Basics

www. kerrneltech. com

Page 8 of 274
UNIX Basics

www.kerrneltech.com

INTRODUCTION TO LINUX

OPERATING SYSTEMS

SINGLE-USER

MULTI-USER

TTTTTTri-.:

What is Operating System ?

Operating system is an interface between user and the computer-hardware. The hardware of the

computer cannot understand the human readable language as it works on binaries i.e^QIs-ancLlls. Also it
is very tough for humans to understand the_bjnary_language, in such case we need an interface which
can translate human language to hardware and vice-versa for effective communication.

Types of Operating System:

Single User - Single Tasking Operating System

Single User - Multitasking Operating System
Multi User - Multitasking Operating System

Single User - Single Tasking Operating System

In this type of operating system only ojiejjser can log into,svstemand can perform only one task at a
time.

E.g.: MS-DOS

Single User - Multi tasking operating System

This type of O/Ssupports only one usertojogjnlo the system but a user can perform multiple tasks at a
time, browsing internet while playing songs etc.
E.g.: Windows -98,Xp,vista,Seven etc.

Multi User - Multi Tasking Operating System

These type of O/S provides multiple users to log into the system and alsoeach user can perform various
tasks at a time. In a broader term multiple users can logged in to system and shag_the resources of the
system at the same time.
E.g.: UNIX, LINUX etc.

Page 9 of 274
UNIX Basics

www.kerrneltech.com

HISTORY OF UNIX

In the beginning, there was AT&T.

Bell Labs' Ken Thompson developed UNIX in 1969 so he could play games on a scavenged DEC PDP-7.
With the help of Dennis Ritchie, the inventor of the "C" programing language. Ken rewrote UNIX entirely
in "C" so that it could be used on different computers. In 1974, the OS was licensed to universities for
educational purposes. Over the years, hundreds of people added and improved upon the system, and it
spread into the commercial world. Dozens of different UNIX "flavors" appeared, each with unique
qualities, yet still having enough similarities to the original AT&T version. All of the "flavors" were based
on either AT&T'sSystem V or Berkeley System Distribution (BSD) UNIX, or a hybrid of both.
During the late 1980*5 there were several of commercial Implementations of UNIX:

Apple Computer's A/UX

AT&T'sSystem V Release 3
Digital Equipment Corporation's Ultrix and OSF/1 (renamed to DEC UNIX)

Hewlett Packard's HP-UX

IBM's AIX

Lynx's Real-Time UNIX

NeXT's NeXTStep
Santa Cruz Operation's SCO UNIX
Silicon Graphics' IRIX
SUN Microsystems' SUN OS and Solaris

and dozens more.

The Open Standards Foundation is a UNIX industry organization designed to keep the various UNIX
flavors working together. They created operating systems guidelines called POSIX to encourage inter
operability of applications from one flavor of UNIX to another. Portability of applications to different
gave UNIX a distinct advantage over its mainframe competition.

Then came the GUIs. Apple's Macintosh operating system and Microsoft's Windows operating
environment simplified computing tasks, and made computers more appealing to a larger number of
users. UNIX wizards enjoyed the power of the command line interface, but acknowledged the difficult
learning curve for new users. The Athena Project at MIT developed the X Windows Graphical User
Interface for UNIX computers. Also known as the Xll environment, corporations developed their own
"flavors" of the UNIX GUIs based on Xll. Eventually, a GUI standard called Motif was generally accepted
by the corporations and academia.
During the late 1990/5 Microsoft's Windows NT operating system started encroaching into traditional
UNIX businesses such as banking and high-end graphics. Although not as reliable as UNIX, NT became
popular because of the lower learning curve and its similarities to Windows 95 and 98. Many traditional
UNIX companies, such as DEC and Silicon Graphics, abandoned their OS for NT. Others, such as SUN,
focused their efforts on niche markets, such as the Internet.

Page 10 of 274
UNIX Basics

www.kerrneltech.com

fljf^

l$p*

Linus Torvalds had a dream. He wanted to create the coolest operating system in the world that was
free for anyone to use and modify. Based on an obscure UNIX flavorcalled MINIX, Linus took the source
code and created his own flavor, called Linux. Using the power of the Internet, he distributed copies of
his OS all over the world, and fellow programmers improved upon his work. In 1999, with a dozen

versions of the OS and many GUIs to choose from, Linux is causing a UNIX revival. Knowing that people
are used to the Windows tools, Unux developers are making applications that combine the best of
Windows with the best of UNIX.

UNIX Principles

Everything is a file:- UNIX system have many powerful utilities designed to create and
manipulate files. The UNIX security model is based around the security of files. By
treating everything as a file, you can secure access to hardware in the same way as you
secure access to a document.

Configuration data stored in text: - Storing configuration in text allows an administrator

to move a configuration from one machine to another easily, provide the ability to roll
back a system configuration to a particular date and time.

Small, Single-Purpose Programs:- UNIX provides many utilities.

Avoid captive user interfaces:-

Ability to chain programs together to perform complex tasks:- A core design feature of
UNIX is that output of one program can be the input for another. This gives the user the
flexibility to combine many small programs together to perform a larger, more complex
task.

GNU Project/ FSF

GNU project started in 1984

a) Goal: Create'free'UNIX clone

b) By 1990, nearly all required user space applicationcreated.

Example:-gcc, emacs, etc.

JpSl

Free Software Foundation

a) Non-Profit organization that managesthe GNU project.

jp\

0>>

GPL- GNU (General Public License)

primary license for open source software

encourages free software

All enhancements and changes to GPL software must also be GPL

Often called 'copy left' (All rights reversed)

Page 11 of 274

wvvw.kerrneltech.com

0*

'^Hk

Linux Origins

LINUS TORVALDS

a) Finnish college student in 1991

b) Created Linux Kernel
When Linux Kernel combined with GNU applications, complete free UNIX like OS was
developed.

Why Linux?

Fresh implementation of UNIX APIs

Open source development model
Supports wide variety of hardware

Supports many networking protocols and Configurations

Fullysupported

1) Linux is a UNIX like OS: Linux is a similar to UNIX as the various UNIX versions are to each
other.

2) Multi-User and Multi-tasking: Linux is a multi-user and multi-tasking operating system.

That means that more than one person can be logged on to the same Linux computer at
the same time. The same user could even be logged into their account from two or
more terminals at the same time; Linux is also Multi-Tasking. A user can have more than
one program executing at the same time.

3) Wide hardware support: Red Hat Linux support most pieces modern x86 compatible PC
hardware.

4) Fully Supported: Red Hat Linux is a fully supported distribution Red Hat Inc. provides
many support programs for the smallest to the largest companies.

Page 12 of 274
www.kerriieItech.coni

/^$$\

/^ftk

JJP*

ARCHITECTURE OF UNIX

0s

The architecture of UNIX can be divided into three levels of functionality, as shown in Figure . The lowest
level is the kernel, which schedules tasks , manages resources, and controls security. The next level is

the shell, which acts as the_user interface, interpreting user commands and starting applications. The
highest level is utilities, which provides utility functions. In other words it is the USER level, as user is the
one who operates those utilities.

jp

Page 13 of 274

w vvw. ke r rn e Ilech, com

(^

FILESYSTEM HIERARCHY SYSTEM

Linux uses single rooted, inverted tree like file system hierarchy

/
s^~

/root

This istop level directory

It is paxent-direGtoFy-for all other directories
It is called as^ROOT directory
It is represented by forward slash (/)
C:\ofwindows
it is home directory for root user (super user)
It provides working environment for root user

C:\Documents and Settings\Administrator

/home

it is home directory for other users

It provide working environment for other users (other than root)

c:\Documents and Settings\username
/boot

it contains bootable files for Linux

Like vmlinuz (kernel)

ntoskrnl
Initrd (INITial Ram Disk)and
GRUB (GRand Unified Boot loader).... boot.ini, ntldr
/etc

it contains all configuration files

Like /etc/passwd
User info
/etc/resolv.conf...
Preferred DNS

/etc/dhcpd.conf....
DHCP server
C:\windows\system32\dirvers\
/usr

by default soft wares are installed in /usr directory

(UNIX Sharable Resources)
c:\program files

/opt

It is optional directory for/usr

It contains third party softwares
c:\programfiles
*>' idyj} '^>

/bin

it contains commands used by all users

(Binary files)

/sbin

it contains commands used by only Super User (root)

(Super user's binary files)

Page 14 of 274

www.kerrneltech.com

/dev

it contains device files

Like
/dev/hda
... for hard disk
/dev/cd rom ... for ccl rom
Similar to device manager of windows

/proc

it contain process files

Its contents are not permanent, they keep changing

It is also called as Virtual Directory
Its file contain useful information used by OS
like
/proc/meminfo
...
information of RAM/SWAP

/proc/cpuinfo ...

information of CPU

/var

it is containing variable data like mails, log files .

. .- ,

'
C-ZXQ^

/mnt

it is default mount point for any partition

It is empty by default

/media

it contains all of removable media like CD-ROM, pen drive

/lib

it contains library files which are used bv OS

It is similar to dll files of windows

Library files in Linux are SO (shared object) files

I
Page 15 of 274

www.kerrneltech.coni

RHEL 6 BASIC GRAPHICAL INSTALLATION

Minimum and Recommended Requirements to install RHEL 6 are:

Hardware

Recommended

Minimum

Recommended

Minimum

Requirement for

Requirement for

Requirement for

Requirement for

RHEL6-32BIT

RHEL6-32 BIT

RHEL6-64BIT

RHEL6-64BIT

AMD/INTEL

AMD/INTEL P IV

AMD/INTEL

AMD/INTEL

PROCESSOR

DUAL CORE

CORE 2 DUO

DUAL CORE

MOTHER BOARD

NORMAL

NORMAL

VT ENABLED

VT ENABLED

RAM

1GB

384-512 MB

2 GB

768-1GB

HARD DISK

20 GB

15 GB

40 GB

20 GB

Minimum Partition creation and sizes for basic installation

Partition Name

Size For 32 Bit

Size For 64 Bit

/ (root)
/boot

8 to 10 GB

15 to 20 GB

200 MB

200 MB

SWAP

Twice of RAM

Twice of RAM

Installing RHEL6 with above specification

Enter into BIOS setting and make CD/DVD Drive as first boot device
Make sure that VT (Virtual Technology) is enabled for RHEL6-64 bit systems
Insert the RHEL 6 CD/DVD into CD/DVD drive and boot the system
If booted from CD/DVD Rom the following screen will be displayed
Helcone to Red Hat Enterprise Linux

Qnstall or upgrade an existing systen

Install systen uith basic uideo drluer
Rescue installed systen
Boot

fran

local

dr iue

Press CTab] to edit options

RED HAT
R

Page 16 of 274

www.kej-nieilech.com

9
1

Move the cursor to Install or upgrade an existingsystem and press Enter

To test the media select OK, to skip the testing move cursor to Skip and press enter

Page 17 of 274

www.kerrneltech.com

Click on Next button to move forward

1 What language would you like to use during the

' installation process?
Bulgarian (bb/irapcKH)

~~l ~

Catalan (Catala)

Chinese(Simplified) (efc (!3HS> )

"

Chinese(Traditional) (ifS: (IS) )

Croatian (Hrvatski)
Czech (Cestina)
Danish (Dansk)

Dutch (Nederlands)

' "fr'ai

Estonian (eesti keel)

Finnish (suomi)

French (Francais)
German (Deutsch)

Greek (EAAn,viKC)

Gujarati (=pr?icfl)
Hebrew (jv-mv)
Minrli fite*tt

^iBack

B^Next

Select your desired language, usually English. Click Next to continue

/"5rN Select the appropriate keyboard for

\_^J the system.

Ronianian

*N

Russian
Serbian

Serbian (latin)

Slovak (qwerty)
Slovenian

Spanish
Swedish
Swiss French

Swiss French (latinl)

Swiss German

Swiss German (latinl)

Turkish

U.S. International
Ukrainian

United Kingdom

<agack | | E^Mext
Page 18 of 274

www.kerrneltech.com

Select the keyboard type as required usually U.S English, click Next to continue
What type of devices will your Installation involve?
Basic Storage Devices

Installs or upgrades to typical types ofstorage devices. If you're notsure which option Is right for you.
this Is probably It

Specialized Storage Devices

O Installs orupgrades toenterprise devices such a*Storage Area Networks (SANs). This option wltl allow
you to add FCoE / ISCSI/ zfCP disks and to filter out devices the Installer should Ignore.

^fiack

,&*&

Select the type of storage for the Computer. Click Next to continue
l=a Pleasename this computer. The
pp hostname identifiesthe computer on a
*^ network.

Hostname: ktadmin.kts.comj

Configure Network

| <*aBack
,

| ^>Next
_j

^.

Page 19 of 274

www.kerriieltech.coni

Assign a hostname to the system, ifwish to give ip address click on Configure Network, else
Click Next to continue

Please select the nearest city in your time zone:

Selected city: Kolkata, Asia

Asia/Kolkata

E System clock uses UTC

^gack

^Next

Select the nearest city in your Time Zone and Click on Next to continue

Pase 20 of 274

www.kerrneitech.com

The root account is used for administering

the system. Enter a password for the root
user.

Root Password:
Confirm:

^Bfiack

E^Mext

Assign some password for root, then click on Next to continue

Which type of installation would you like?
Use All Space
Removes all partlttons on the selected devlceCs). This Includes partitions created by other operating

systems.

Tip: This option will remove data from the selected devlce(s). Make sure you have backups.

E?}

Replace Existing Unux Systom(s) Removes only Unux partitions (created from a previous Unux Installation). This does not remove other
partitions you may have on your storage devfeets) (such as VrAT or RKT32).

Tip: This option will remove data from the selected device's). Make sure you have backups.

Shrink current System

Shrinks existing partitions to create free space for the default layout.

Use Free Space

o

Retains your current data and partitions and uses only the unpartltloned space on the selected device
(s). assuming you have enough free space available.

<8>

...'Create Custonf Layout -

|| .,^M.r^lly;awj;a^f3fl^^

... * K--,%-?
selected c^jcefat)j,uslr>g qur|

jrHng.faBJf

D Encrypt system
13 Review and modify partitioning layout.

^agack

G>uext

Select the type of partitioning you want, to create your own partitions with custom sizes,
select Create Custom Layout and click on Next to continue
Page 21 of 274

www.kerrneltech.com

Drive/dev/sda (25600 MB) (Model: VMwnre, VMwnre Virtual S)

Fiee
25556 MB

Device
v

Size

Mount Point/

(MB)

RAID/Volume

Type Format

Hard Drives

sda

mm

Create

Eait

Reset

i Sack

Next

Click on the Free space, then click on Create to create your own partitions

Drive/dev/sda (25600 MB) (Model: VMware, VMware Virtual S)

Free

25596 MB

Device
Hard Drives

Create Storage

Size

Mo|

(MB)

RA Create Partition
Standard Partition

^ sda

Create Software RAID

Information

O RAID Partition
O

RAID De,

Create LVM

Information

O LVM Vol'.! :

O LVM Logii
O LVM Physical Volume

Cancel

Create
Reset

^aBack

} :.!> Next

Page 22 of 274
www.kcrriieltech.com

Check the box beside Standard Partition, Click on Create to continue.

Drive /dev/sda (25600 MB) (Model: VMware. VMware Virtual S)
Free

Add Partition
Device

Hard Drives

Mount Point:

/
-

File System Type:

ext4

c sda

Free

o
25600".!::

j Allowable

,'irtual S

Drives:

Size (MB):

15000

si

Additional Size Of
fixed size

O Fill ail spaceu pto (MB):

115000

O Fill to maximu m allowable size

Force to be a primary partition

Encrypt
Cancel

Reset

ok

<$SBack

Mext

Select / from Mount Point Box, give the size you wish for it and click on OK to create it.
Select the Free space again and click on Create to create another partition. Also Check the
box beside Standard Partition, Click on Create to continue

Drive /dev/sda (2S6QO MB) (Model: VMwnre. VMware Virtual S)

/dev/sda 1

ITierAdd Partition

Device

"="

Hard Drives

Mount Point:
File System Type:

Sda :.';:c-.
sdal

|/boot
ext4
i

25600 MB

VM i

Allowable Drives:

Size (MB):

200

Additional Size Options

Fixed size

O Fill all space yp to (MB):

O

Pi" to maximum allowable size

Force to be a primary partition

Encrypt
Cancel

QK

Reset

Back

Page 23 of 274

vvvvw.kernieltech.com

Select /boot from Mount Point Box, give the size 200 MB for it and click on OK to create it.
Repeat the same steps and create swap space
Please Select A

Device

Add partition
Device

Mount Point:
File System Type:

swap
El sda

sda

sdal

I< Not App!

25600 MB

VMware, VMware Virtual S

Allowable Drives:

sda2
Free

Size (M3):

|2048|

Additional Size Options

Fixed size

O Fill all space up to (MB):

O

Fill to maximum allowable size

Force to be a primary partition

ncrypt
Cancel

Reset

OK

IBack ] [ E>Next !
This time select swap from File System J_ype, give the size required and click on OK
Please Select A

Device

Device

Size I Mount Point/

Type Format
(MB) RAIDA/olume

Hard. Drives

sda .
sdal
sda2

200 /boot
15000 /

sda3

2048

Free

8351

ext4

>/

ext4

swap

v"

Beset

Create

; noc-:

Next

Page 24 of 274

vvwvv.kernieliech.com

Verify the partition and click on Next to continue with it.

Please Select A

Format Warnings
The following pre-existing devices have been selected to be
formatted, destroying all data.

Device

<
-

lard Drives
v

Device

sda

/dev/sda

sdal
sda2

partition table (MSDOS)

sda3

Free

Cancel

format

Create

Reset

Back

c*> Next

Click on Format to format the partition and continue with it.

Please Select A

Device

n,..!^ s'ze
Mount Point/ ._
e_...J
,.,_, .._.., .
Type Format

Device

(MB)

RAID/vb ume

"

Writing storage configuration to disk

JJl The partitioningoptions you have selected

n It will now be written to disk. Any data on
deleted or reformatted partitions will be lost.
Go back

| yvrite changes to disk |

Reset

Create

Next

iBack

Click on Write changes to disk to continue, if wish make changes click on Go back.
Page 25 of 274
www.kerrneltech.com

S3 Install boot loader on /dev/sda.

hange device

Use a boot loader password jChange ;isswoiti j

Boot loader operating system list
Default I Label

! Device

Add

Red Hat Enterprise Unux /dev/sda2

Edit

Qelete

<*afiack

[ ^Ciext

To change the name of boot loader select Edit and assign new name to it.
To assign password to boot loader check the box beside Use boot loader password and
assign a password to it.

To keep all as default, just click on Next button to continue.

/%

**^^b

Page 26 of 274
www.kerrneltech.coni

<^k

/^s

The default installation of Red Hat Enterprise Linux is a basic server install. You can
optionally select a different set of software now.
O Basic Server
O Database Server
O Web Server
O Virtual Host
>'

O Software Development Workstation

Please select any additional repositories that you want to use for software installation.
D High Availability
D Load Balancer
0

Red Hat Enterprise Linux

oa Add additional software repositories

j=?fModify repository

You can further customize the software selection now, or after install via the software

management application.
Customize later

O Customize now

; Back

+ Next

Select Desktop to have a graphical environment in RHEL6.

Check Customize later to install additional software later. Click on Next to continue

RED HAT
ENTERPRISE LINUX' 6

Packages completed: 13 of 1063

Installing tzdata-2010l-l.el6.noarch (1 MB)

Timezone data

Page 27 of 274

www.kerrneltech.com

Now sit back and relax until the installation is completed.

Congratulations, your Red Hat Enterprise Linux installation is complete.

Please reboot to use the installed system. Note that updates may be
available to ensure the proper functioning of your system and installation
of these updates is recommended after the reboot.
-L.

El Reboot

uVJ

When above prompt is displayed, remove the CD/DVD from the drive and click on Reboot
to reboot the system.

Page 28 of 274
www.kcrriicltccij.com

Welcome
There are a few more steps to take before your system is ready to use. The
Setup Agent will now guide you through some basic configuration. Please
click the "Forward" button in the lower right comer to continue

RED HAT-

ENTERPRISE LINUX 6

Forward

Click on Forward to move to next step.

License Information
END USER UCENSE AGREEMENT RED HAT<S> ENTERPRISE LINUX* AND RED HAT
APPLICATIONS

PLEASE READTHIS END USER LICENSE AGREEMENT CAREFULLY BEFORE USING

SOFTWAREFROM RED HAT. BY USING RED HATSOFTWARE. YOU SIGNIFY YOUR
ASSENT TO AND ACCEPTANCE OF THIS END USER LICENSE AGREEMENT AND
ACKNOWLEDGE YOU HAVE READAND UNDERSTAND THE TERMS. AN INDIVIDUAL
ACTING ON BEHALF OF AN ENTITY REPRESENTS THAT HE OR SHE HAS THE
AUTHORITY TO ENTER INTO THIS END USER UCENSE AGREEMENT ON BEHALF OF
THAT ENTITY IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT. THEN
YOU MUST NOT USE THE RED HAT SOFTWARE.THIS END USER UCENSE AGREEMEN
DOES NOT PROVIDE ANY RIGHTS TO RED HAT SERVICES SUCH AS SOFTWARE
MAINTENANCE. UPGRADES OR SUPPORT. PLEASE REVIEW YOUR SERVICE OR
SUBSCRIPTION AGREEMENTS) THAT YOU MAY HAVEWITH RED HAT OR OTHER
AUTHORIZED RED HAT SERVICE PROVIDERS REGARDING SERVICESAND ASSOCIATE
PAYMENTS,

This end user license agreement ("EULA") governs the use of any of the
.versions of Red Hat Enterprise Linux, certain other Red Hat software
>J

Yes. I agree to the Ucense Agreement

O No., I do not agree

fiack

| Forward

Accept the license agreement and click on Forward to continue

Page 29 of 274

www.kerrneltech.com

Welcome

Set Up Software Updates

- License
Information

>-S et- Up

Updates

This assistant wiii guide you through

connecting your system to Red Hat
Network (RHN) for software updates, such

Create User

as:

Software

Date and Tin

Your Red Hat Network or Red Hat Network Satellite login

Kdump

A name for your system's Red Hat Network profile

The address to your Red Hat Network Satellite (optional)
IWhy Should I Connect to RHN? ...

Would you like to register your system at

this time? (Strongly recommended.)
O Yes, I'd like to register now.

No, I preferto register at a latertime]]

Forward

Back

Check No, 1 prefer to register at a later time, to skip the registration and click on Forward.
Welcome
License
Information

y setup
Software

Updates
Create User

Date and Tin

Kdump

fi|

Are you sure you don't want to connect your

system to Red Hat Network? You'll miss out on the
benefits of a Red Hat Enterprise Linux subscription:
Security & Updates:
Receive the latest software updates, including

C^X security updates, keeping this Red Hat

-' Enterprise Linux system updated and secure.
Downloads &t Upgrades:
>. Download installation images for Red Hat

'&** Enterprise Linux releases, including new releases.

Support:
.

P, Access to the technical supportexpertsat Red

jJ Hat orRed Hat's partners for help with any issues

you might encounter with this system.

Compliance:
Stay in compliance with your subscription
i~ agreement and manage subscriptions for systems
connected to your account at http://rhn.redhat.com/.
You will not be able to take advantage of these
subscriptions privileges without connecting
your system to Red Hat Network.

Joke me back to the setup process.

^o -hunks, I'll connect later.

Untitled window

Forward

'

Page 30 of 274
www.kerrneitcch.coin

Click on No thanks, to move to next step

Welcome

License
Information

Finish Updates Setup

Your system is not setup for software updates.

You won't be able to receive software updates, including

security updates, for this system.

You may access the RHN registration tool by running

RHN Registration in the System > Administration
menu.

You may access the software update tool by running

Software Update in the System > Administration
menu.

Back

Forward

Click on Forward to continue.

Create User
You must create a 'usemame' for regular (non-administrative) use of your
system. To create a system 'username', please provide the information
requested below.

Username:

ktuser

Full Namg:

ktuser

Password:

Confirm Password:

If you need to use network authentication, such as Kerberos or NIS, please

click the Use Network Login button.
Use Network Login...

If you need more control when creating the user (specifying home directory,
and/or UlD), please click the Advanced button.

I Advanced-

Back

Forward

Page 31 of 274

www.kerrneltech.com

Give a name to create a user and assign it a password. Click on Forward to continue.

License

Date and Time

JniormatiPlease set the date and time for the system.

Date and Time

Current date and time:

Sat 15 Oct 2011 06:62:00 AM 1ST

Synchronize date and time over the network

Manually set the date and time of your system:
Time

Date

<

October

< 2011 >

>

ETTEBn

iVHi!

'

Hour:

Minute :

29

10

11

12

13

14

Second :

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

x-

[4F

Back

Forward

Set the date and time and click on Forward to continue

Page 32 of 274

www.kerrneitech.com

Kdump
Kdump is a kernel crash dumping mechanism. In the event of a system
crash, kdump will capture information from your system that can be
invaluable in determining the cause of the crash. Notethat kdump does
require reserving a portion of system memory that will be unavailable for
other uses.

D Enable kdw
ii Memory

499

Back

Finish

Click on Finish and congratulation your installation is now completed.

Login using either ktuser or root user.

Page 33 of 274

www.kerrneItech.coni

BASIC COMMANDS

Creating, Removing, Copying, Moving files & Directories

Creating a file in Linux
Using cat command:

cat (Concatenate.) command is used to create a file and to display and modify the contents
of a file.

To create a file

# cat > filename (say ktfile)

Hello World

Ctrl+d (To save the file)

[rootQktlimix ~]# cat >

ktfile

Hello World

To display the content of the file

# cat filename (say ktfile)

[rootQktlimix ~]# cat ktfile
Hello

World

[root@ ktlinux

~]# 3

To append the data in the already existing file

#cat<filename>
# cat ktfile

Ctrl+d (to save the changes)

[rootQktlimix ~]# cat

ktfile

Welcome to Kernel Technologies

[rootQktlimix ~]# '

Creating multiple files at same time using touch command
#touch <filename> <filename> <filename>
#touch filel file2 file3
Note: to check the files use U Is command

[rootQktlimix ~] # touch f i l e l file2 file3

[rootQktlimix ~] # Is
f ile3
anaconda-ks . cfg
Documents
filel
install.log
De s k t op
Downloads
file2

[rootQktlinux ~]# :

Page 34 of 274

www;ke rrn el iccli.com

Creating a Directory:
tfmkdir <dirname>
#mkdir ktdir

[root@ktlinux ~]# mkdir ktdir

[root@ ktlinux ~]# Is

|ktdir |

anaconda-ks. cfg

Downloads

le3

Desktop

filel

install.log

ktfile

Documents

ile2

install. log. syslog

Music

[root@ktlinux ~]# M

Making multiple directories inside a directory

Let us make some directories accordingto the following architecture in one command.
KernelTech

Linux

Aix

advlinux linuxclstr

hacmp Ipar

Storage

san

netapp

#mkdir-pKernelTech/{Unux/{ady|{nux/linuxclstr}/Aix/{hacmp/lpar}fStorage/{san,netapp}}
Check it by usingtree command or Is-R command
,
(root@ktlinux -]# mkdir -p KernelTech/{Linux/{advlinuxllinuxclstr},Aix/{hacnipllpar},Storage/{san,net
app}}
root@ktlinux -]# tree KernelTech/
[ernelTech/
Aix

hacmp
tpar

inux

advlinux
linuxclstr

Storage

I netapp
san

9 directories, 0 files

[root@ktlinux ~]# 1

Page 35 of 274

www.kerrneitech.com

JJPn

*^lj

fWf\

Copying files into directory

^k

#cp <source filename> <destination directory in which to paste the file>

#cp filel ktdir

[rootQktlimix ~]# cp filel ktdir

[root@ktlinux ~]# cd ktdir
[root@ktlinux ktdir] # Is
filel

[rootSktlinux ktdir] # I
Copying directories from one location to other

# cp -rvfp <dir name> destination name>

#cp -rvfp ktdir2 ktdir

[rootsktlinux ~]# cp -rvfp ktdir2 ktdir
r^k

"ktdir2 -> *ktdir/ktdir2

^ktdir2/file2
-> "ktdir/ktdir2/file2
xktdir2/file3
-> ^ktdir/ktdir2/file3
^ktdir2/file4
-> "ktdir/ktdir2/file4
^ktdir2/filel
-> ^ktdir/ktdir2/filel
xktdir2/file5
-> "ktdir/ktdir2/file5
[root ktlinux ~]# cd ktdir
[rootSktlinux ktdir] # I s
filel

file2

^k

ktdir2

l"^jl

[root@ ktlinux ktdir]#

Moving files from one location to other (cut and Pastel

#mv <filename> <Destination directory>

#mvfile2 ktdir

'^sk

[roots ktlinux ~]# mv file2 ktdir

[root@ktlinux ~]# Is

anaconda-ks .cfg
Desktop

Documents
Downloads

filel

file3

install.log
install.log.syslog

[root@ktlinux ~]# cd ktdir

[rootQktlimix ktdir] # Is
filel

file2

[root@ktlinux ktdir] # |j

/sa

Page 36 of 274
www.kerrneltech.com

/^k

#*

Moving a Directory from one location to other

#mv <dir name> <destination dir name>
#mv ktdir ktdir2

[rootQktlimix ~]# Is

anaconda-ks. cfg
Desktop

Documents
Downloads

filel
file3

install. log
install.log. syslog

ktdir

ktdir2

[rootSktlinux ~]# mv ktdir ktdir2

[rootSktlinux ~]# Is

anaconda-ks. cfg Documents

filel

install.log

[ktdir2

Desktop

file3

install. log. syslog

ktfile

Downloads

[rootSktlinux -]# cd ktdir2

[rootSktlinux ktdir2]# Is

filel

file2

file3

file4

[rootSktlinux ktdir2]# I

file5 |ktdir
'

Renaming a File

#mv<oldname> <newname>
#mv ktfile kemelfile
[root@ktlinux ~]# Is

anaconda-ks.cfg
Desktop
rrontakfHmix

Documents
Downloads

~1# rat

install.log
install.log.syslog

ktfile

Pictures

Templates

MUSIC

Public

Videos

k t f 11 o

Welcome to Kernel Tech J

Lroot@ktLinux ~J# mv ktfile kernelfile

[rootSktlinux -]# Is

anaconda-ks.cfg
Desktop

Documents
Downloads

install.log
install.log.syslog

kernelfile
MUSIC

Templates

Pictures
Public

Videos

[rootSktlinux ~]# cat kernelfile

Welcome to Kernel Techl

[rootSktlinux ~]#

Renaming a Directory

The procedure arid command for renaming the directoryis exactly same as renaming a file.
#mv old name new name

#mv ktdir kerneldir

[root@ktlinux ~]# Is

anaconda-ks.cfg

Documents

install.log

kernelfile

Desktop

Downloads

install.log.syslog

ktdirI

[rootSktlinux ~]# mv ktdir kerneldir

[root@ktlinux ~]# Is

anaconda-ks.cfg
Desktop

Documents
Downloads
[rootSktlinux ~]# 1

install.log
install.log.syslog

kerneldir
kernelfile

Page 37 of 274

www.kerrneltech.com

~^im

Removing a File

#rm filename or #rm -f filename (without prompting)

[rootSktlinux ~]# Is
anaconda-ks.cfg Documents
Desktop
Downloads

install.log
install.log.syslog

kerneldir
KernelTiLe

[rootSktlinux -]# rm kernelfile

rm: remove regular file "kernelfile*? yj

Without prompting:
[rootSktlinux ~]# rm -f kernelfile
[root@ktlinux ~]# Is
anaconda-ks.cfg
Documents
install.log
Desktop
Downloads
install.log.syslog

kerneldir
Music

[rootSktlinux ~]# B
Removing an Empty directory
#rmdir dirname

/^h

[rootSktlinux ~]# Is
anaconda-ks.cfg Documents
Desktop
Downloads

install.log
install.log.syslog

kerneldir
ktdir

[rootSktlinux ~]# rmdir ktdir

[rootSktlinux ~]#Ts

anaconda-ks.cfg
Desktop

Documents
Downloads

install.log
install.log.syslog

kerneldir
Music

/^

[rootSktlinux ~]# |

Removing a directory with files or directories inside

A dir which is having some contents inside it cannot be removed by rmdir command. There are
two ways to delete the directory with contents.
i.
Remove the contents inside the directory and then run rmdir command

ii.

Run#rm -rf dimame (where r stands for recursive and f stands for forcefully.

[rootSktlinux ~]# Is

anaconda-ks.cfg Documents install.log

kerneldir
Desktop
Downloads install.log.syslog MUSIC
[rootSktlinux ~]# rmdir kerneldir/
rmdir: failed to remove "kerneldir/': Directory not empty
[rootSktlinux ~]# |rm -rt kerneldir/
[rootSktlinux ~]# Is

anaconda-ks.cfg

Documents

install.log

Music

Desktop

Downloads

install .log, syslog

Pictures
Page 38 of 274

www.kerrneltech.com

/^$\

r <mmk

VIM EDITOR
VI

Visual display editor

VIM Visual display editor improved

This is command mode editor for files. Other editors in Linux are emacs, gedit
vi editor is most popular
It has 3 modes:

Command Mode

Insert mode (edit mode)

extended command mode

Note: When you open the vim editor, it will be in the command mode by default.
In the command mode the cursor's can be used as

h/l/k/j

to move cursor left/right/up/down

Insert Mode:

v^

v^

v^

To begin insert mode at the cursor position

To insert at the beginning of line
To append to the next word's letter
To Append at the end of the line

To insert a new line below the cursor position

To insert a new line above the cursor position

Command Mode:

gg
G
w

nw

nb
u

To go to the beginning of the page

To go to end of the page
To move the cursor forward, word by word
To move the cursor backward, word by word
To move the cursor forward to n words (5W)
To move the cursor backward to n words (5B)
To undo last change (word)

Page 39 of 274
www.kernieitech.com

*%

Ctrl+R
yy
nyy

P
P

dw
x

dd
ndd

To
To
To
To
To
To
To
To

undo the previous changes (entire line)

redo the changes
copy a line
copy n lines (5yy or 4yy)
paste line below the cursor position
paste line above the cursor position
delete the word letter by letter (like Backspace)
delete the world letter by letter (like DELKey)

To delete entire line

To delete n no. of lines from cursor position(5dd)

To search a word in the file

Extended Mode: (Colon Mode)

Extended Mode is used for save and quit or save without quit using "Esc" Key with ":"

Esc+:20(n)

To
To
To
To
To
To
To
To

Esc+: se nu

To set the line numbers to the file

Esc+:se nonu

To Remove the set line numbers

Esc+:w

Esc+:q
Esc+:wq
Esc+:wl

Esc+wq!
Esc+:x
Esc+:X

Save the changes

quit (Without saving)
save and quit
save forcefully
save and quit forcefully
save and quit
give password to the file and remove password
go to line no 20 or n

To open multiple files in vim editor

#vim -o filel file2
To switch between files use Ctrl +w

y^$s

Listing files and directories:

#ls

list the file names

#ls-l
long listing of the file
#ls -\ filename
to see the permissions of a particular file
#ls-al
shows the files in ascending order of modification.
#ls p*
All the files start with p.
#ls ?ample
Files with any first character and has ample
#ls -Id I*
Directory listing only
#ls -Id directory name
to see the permissions of a particular directory
#ls [ae]*
First character of the filename must be a or e.
# Is [!ae]*
! Symbol complements the condition that follows. The characters must

/%

not be a or e.

#ls [a-m][c-z][4-9]

list all the files in specific range

/^$k

Page 40 of 274
www.kerrneltech.com

/^?i\

Types of Files:
Symbol

Type of File
Normal file

Directory
Link file (shortcut)

Blockfile (Harddisk, Floppy disk)

Character file (Keyboard, Mouse)
Symbolic Link
There are two types of Links:-

Soft Link

Hard link

Size of link file is equal to no. of

Size of both file is same

characters in the name of original file

2

Can be created across the Partition

Inode no. of source and link file is

^Can't be created across the partition

Inode no. of both file is same

different
4

if original file is deleted, link is broken

and data is lost

>/l

If original file is deleted then also link

*

SHORTCUT FILE

will contain data

BACKUP FILE

Creating a soft link:

# In -s <source file> <destination>

[rootSktlinux -]# In -s ktfile ktfile.slink

rootSktlinux ~]# Is -li ktfile ktfile.slink
- rwx rv/x rwx. 2 root root 0 Sep 17 09:21 I

5934

3394

Hrwxrwx rwx.

1 root root 6 Sep 19 07:21

[rootSktlinux -]# |

-> ktfile

Creating a Hard link:

#ln <source file> <Destination>

[rootSktlinux -]# In ktfile ktfile.hlink

[rootSktlinux ]# Is -li ktfile ktfile.hlink
J5934 - rv/x rwx rv/x 2 root root 0 Sep 17 09:21 ktfile
5934 - rv/x rv/x rv/x
2 root root 0 Sep 17 09:21 kt

[rootSktlinux -]# I

Page 41 of 274

wvvw.kerrneltech.com

/^l

Regular Expressions. Pipelines & I/O Redirections

Grep:

f^^

Grep stands for Global Regular Expression Print. It is used to pick out the required expression
from the file and print the output. If grep is combined with another command it can be used to
pick out the selected word, phrase from the output of first command and print it.
Examples of Grep:

Let us pick the information about root from the file /etc/passwd (/etc/passwd contains
information about all the users present in the system)

#grep root /etc/passwd

[rootSktlinux ~]# grep root /etc/passwd
root:x:0:0:root:/root:/bin/bash

operator: x: 11:0: operator: yf root|: /sbin/nologin

[rootSktlinux ~]# |
To avoid case sensitivity of the word (i.e. the word may be uppercase of lowercase) use -i
#grep -i kernel ktfile (lets grep the word kernel whether upper of lower case in the file ktfile)

[rootSktlinux ~1# grep

Welcome to iKernell Tech

kernel ktfile

Welcome toiKerneu Tech

Welcome toI KERNELITECH

[rootSktlinux ~]# |
To display a word and 2 lines after the word:
#grep-nA2 wheel /etc/group

.';. "

[rootSktlinux ~]# grep -nA2 wheel /etc/group

111 wheell: x: 10: root

12-mail:x:12:mail,postfix
13-uucp:x:14:uucp

[rootSktlinux -]# fl
To display a word and 2 lines after the word:
#grep -nB2 wheel /etc/group

[rootSktlinux ~]# grep -nB2 wheel /etc/group

9-mem:x:8:
10-kmem:x:9:
11 :|whee U: x: 10: root

Page 42 of 274
wvvw.kerrneitech.com

^^k

jp^

To display the things except the given word:

#grep -v kernel ktfile

[rootSktlinux ~]# cat ktfile

Welcome to Kernel Tech
Linux is Freedom

[rootSktlinux ~]# grep -v Kernel ktfile

Linux is Freedom

[rootSktlinux ~]# 0
To display the searched word in color
#grep -color root/etc/passwd
Combining grep with other commands

>

# cat ktfile | grep -I kernel (pipe | is used to combine to commands)

#ls-I | grep H ktfile
# ifconfi g | grep -I ethO

Like this we can combine grep with many commands which we will see in later chapters

Filter Commands:

Filtercommands are used to filter the output so that the required thingscan easily be
picked up. Thecommands which are used to filter the output are

#less
#more

#head
#tail
#sort
#cut

#sed

Page 43 of 274

www.kerrneitech.com

less:-

The less command is used to see the output line wise or page wise.
Ex: less/etc/passwd

/^j

root :x:0:0: root:/root:-/bin/bash

bin:x:1:l:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/notogin
sync:x:5:0:sync:/sbin:/bin/sync

shutdown:x:6:8:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt

mail:x:8:12:mail :/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin I,
ftp:x:14:50:FTP

User:/var/ftp:/sbin/noloqin

Note: -press Enter key to scroll down line by line (or)

A^

Use d to go to next page

./

Use b to go to previous page

Use / to search for a word in the file
Use v to go vi mode where you can edit the file and once you save it you will back to less

command

/'

more:-

more is exactly same like less

Ex: #more /etc/passwd

Note: -press Enter key to scroll down line by line (or)
Use d to go to next page
Use / to search for a word in the file
Use v to go vi mode where you can edit the file and once you save it you will back to
more command

head:

It is used to display the top 10 lines of the file.

Ex:# head /etc/passwd

[rootSktlinux ~]# head

/etc/passwd

root:x:Q:O:root:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt

mail:x:8:12:mail:/va r/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/noloqin

r^ai&k

Page 44 of 274
www.kernicitech.com

^Sf^*.

To display the custom lines

#head -n /etc/passwd (where n can be any number)

[rootSktlinux ~]# head -5 /etc/passwd

root: x: 0:0: root:/root:/bin/bash

bin:x: 1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/va r/adm:/sbin/nologin
Ip:x:4:7:Ip:/var/spool/lpd:/sbin/nologin

tail:

It is used to display the last 10 lines of the file

#tail /etc/passwd
lroot@ktlinux ~J# tail /etc/passwd

apache: x: 48:48: Apache: /var/www: /sbin/nologin

nslcd:x:65:55:LDAP Client User:/:/sbin/nologin

avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin

ntp:x:38:38::/etc/ntp:/sbin/nologin

pulse:x:496:494:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin

gdm:x:42:42::/var/lib/gdm:/sbin/nologin
sshd: x: 74:74: Privilege -sepa rated SSH: /var/empty/ sshd: /sbin/nologin
tcpdump:x:72:7?::/:/sbin/nologin
visitor: x: 500:500: visitor:/home/visitor :/bin/bash
ktuser:x:501:501::/home/ktuser:/bin/bash
To display the custom lines

#tail -n /etc/passwd (where n can be any number)

[rootSktlinux ~]# tail -5 /etc/passwd
ktuser: x: 500:599:ktuser:/home/ktuser:/bin/bash
amit:x: 591:561::/home/amit:/bin/bash
vivek:x:562:502::/home/vivek:/bin/bash
musab:x:503:593::/home/musab:/bin/bash
rahul:x:564:594::/home/rahul:/bin/bash

[rootSktlinux ~]# |

Page 45 of 274

www.kerriieltech.com

Sort:

It is used to sort the output in numeric or alphabetic order

#sort filename

[rootSktlinux ~j# cat ktfile

Welcome to Kernel Tech
Welcome to Kernel Tech
,,-'%,

Welcome to Kernel Tech

Linux is Freedom
Linux is Freedom
Linux is Freedom
[rootSktlinux ~]# sort ktfile
1 i mix

i <;

Frppriom

'<''*-i-\ :W

Linux is Freedom
Linux is Freedom
Welcome to Kernel Tech
Welcome to Kernel Tech
Welcome to Kernel Tech

r\
'f

'

' '
*

,''

^-

[rootSktlinux ~]# |

'l%fk

To sort the file according to numbers

#sort -d ktfile or #sort -h ktfile

[rootSktlinux ~]# cat ktfile

4.Weicome to Kernel Tech
2.Weicome to Kernel Tech
3.Weicome to Kernel Tech
1.Linux is Freedom
6.Linux is Freedom
5.Linux is Freedom

[rootSktli nux ~]# sort -h ktfile

1.Linux is Freedom
2.Weicome to Kernel Tech
3.Weicome to Kernel Tech
4.Welcome to Kernel Tech

5.Linux is Freedom
6.Linux is Freedom

Page 46 of 274
www.kerrneltech.com

To remove the duplicate entries from the output

#sort-u ktfile

[rootSktlinux ~]# cat ktfile

Welcome to Kernel Tech
Welcome to Kernel Tech
Welcome to Kernel Tech
Linux is Freedom
Linux is Freedom
Linux is Freedom

[rootSktlinux ~]#|sort -u kttile

Linux is Freedom
Welcome to Kernel Tech

[rootSktlinux -]# |
cut command:

The cut command is used to pick the given expression (in columns) and display the output.
# cut -d -f filename (where d stands for delimiter ex.:," * etc and f stands for field)
[rootSktlinux ~]# cut -d: -fl /etc/passwd
root

bin
daemon
adm

IP
sync
shutdown
halt
mail
uucp

To delimit spaces and print the field

#cut-d""-fl filename

To delimit commas and print the field

#cut-d, -fl filename
IrootSktlinux ~]# cat hello

hello,how,are, you
[rootSktlinux ~J# cut -d, -fl hello
hello

Page 47 of 274
www.kernieltech.com

sed command:
sed stands for stream editor, which is used to search a woni in the file and replace it with the

word required to be in the output

Note: it will only modify the output, but there will be no change in the original file.

I)

#sed 's/searchfor/replacewith/g' filename

[rootSktlinux ~]# cat ktfile
Welcome to Kernel Tech

[rootSktlinux ~]# sed 's/Tech/Technologies/g' ktfile

Welcome to Kernel Technologies
[rootSktlinux ~]# cat ktfile
Welcome to Kernel Tech

*i
I/O Redirection:
Redirection is a process where we can copy the output of any command(s), file(s) into a new
file. There are two ways of redirecting the output into a file.

9
9

Using > or filename after the command, and

Using tee command
Let's see the > and option first

Syn: command > new file

Note: if the given name of the file is not available a new file will be created automatically. If
the file already exists then it will overwrite contents of that file.

9
9

[rootSktlinux ~]# cat ktfile

Welcome to Kernel Tech

[rootSktlinux -]# sed 's/Tech/Technologies/g' ktfile > ktfl

[rootSktlinux ~]# cat ktfl

Welcome to Kernel Technologies

Appending another output in same the same file

[rootSktlinux -]# cat ktfile2

Ameerpet - Hyderabad
[rootSktlinux -]# cat ktfile2
[rootSktlinux ~]# cat ktfl
Welcome, to Kernel Technologies
Ameerpet

9
ktfl

- Hyderabad

Likewise there are many options where we can use redirections

Ex:

Copying contents of two files in a new file

y

Heat filel file2 > file3

Page 48 of 274

w \vw. ke r ni eltech. com

,_

Using tee command:

The above options of redirections will not display any output, but directly save the output in
a file. Using tee command will not only redirect the output to new file but it will also display
the output.
Syn: cat <filename> | tee <new file name>
y

Note: if the given name of the file (newfile) is not available a new file will be created

automatically. If the file already exists then it will overwrite contents of the file.
#cat ktfile | tee ktfl

[rootSktlinux ~]# cat ktfile |tee ktfl

Welcome to Kernel Tech

[rootSktlinux ~]# cat ktfl

Welcome to

Kernel Tech

Appending data in the same file using tee command

Syn: cat filename |tee-a filename2
#cat ktfilel | tee -a ktfl
s*

[rootSktlinux ~]# cat ktfile |tee ktfl

Welcome to

Kernel Tech

[rootSktlinux ~]# cat ktfile2 |tee -a

ktfl

Ameerpet - Hyderabad
[rootSktlinux ~]# cat ktfl
Welcome to

Kernel Tech

Ameerpet - Hyderabad

Page 49 of 274
www.kerrneltech.com

9
Find command:

find command is used to find the files or glirtary's:path, it is exactlyjike the find option in
windows where you can search for a file.

Syntax: find / (under root) -option filename

Options that can be used with find command:
Option
-name

-inum

-type
-user

-group

Usage

For searching a file with its name

For searching a file with particular inode number
For searching a particular type of file
For files whose owner is a particular user
For files belonging to particular group

Finding a File with name

#find/-name KernelTech
[rootSktlinux -]# find / -name KernelTech

find: File system loop detected; Vvar/named/

as

Vvar/named '

/root/Ke rnelTechl
/

Finding a file with its inode number

#find/-inum 5934
[rootSktlinux ~]# find / -inum 5934
/sys/devices/virtual/block/Ioop3/dev
find: File system loop detected; Vvar/
as

*/var/named'.

find:
find:
find:

Vproc/9206/task/92G6/f d/5' : No s
Vproc/9206/task/9206/fdinfo/5' :
'/proc/9206/fd/5': No such file o

find:

Vproc/9206/f dinfo/5' :

No

such fi

/root/ktfile.hlink

/root/ktfile

[rootSktlinux -]#

9
Pa^e 50 of 274

www.kerrneltech.com

,/

Finding the files, whose owner is a user called "ktuser"

#find / -user ktuser

[rootSktlinux ~]# find / -user ktuser

find: File system loop detected; Vvar

as

Vvar/named' .

/var/spool/mail/ktuser
/home/ktuser
/home/ktuser/.mozilla

/home/ktuser/.mozilla/plugins
/home/ktuser/.mozilla/extensions
/home/ktuser/kernel2
/home/ktuser/.bashrc

/home/ktuser/. gnome2
/home/ktuser/kernell

Finding the files whose group is "ktgroup'

y #find / -group ktgroup

[rootSktlinux ~]# find / -group ktgroup
find: File system loop detected; v/var/named/chroot
as

N/var/named'.

/home/ktuser/kernel2
/home/ktuser/kernell
/home/ktuser/kernel4
/home/ktuser/kernel5
/home/ktusei7kernel3

Pase51of 274

www. ke r r n e 11e c h. c o m

File Permissions:
Permissions are applied on three levels:-

Owner or User level v""""

Group level
Others level

v"
v^"

Access modes are of three types:-

r read only
w write/edit/delete/append
x execute/run a command

Access modes are different on file and directory:

Permissions
r
w
X

Directory

Files

Open the file

'Is' the contents of dir

Write, edit, append, delete file

Add/Del/Rename contents of dir

To enter into dir using 'cd'

To run a command/shell script

[rootSktlinux ~]# Is -I ktfile

-rw-r--r--. 1 root root G Sep 17 09:21 ktfile

[rootSktlinux ~j# Is -Id ktdir/
drwxr-xr-x. 2 root root 4096 Sep 17 09:21 ktdir/
Filetype+permission, links, owner, group name of owner, size in bytes, date of modification,
file name

Permission can be set on anvfile/dirbvtwo methods:-

1 Symbolic method (ugo)

2 Absolute methods (numbers)
1 Symbolic method (ugo):

Symbolic mode: General form of symbolic mode is:

# chmod [who] [+/-/=] [permissions] file
who -> To whom the permissions to be assigned
User/owner (u); group (g); others (o)

Example: Assigning different permissions to the file (user=rwx, group=rw and others=r)

tfchmod u=rwx,g=rw,o=r ktfile (where ktfile is the name of the file)

[rootSktlinux ~]# chmod u=rvyx1g=rw,o=r ktfile

[rootSktlinux ~]# Is -I ktfile

-rwxrw-r--.

1 root root 0 Sep 17 09:21 ktfile

[rootSktlinux ~]# 1

Page 52 of 274
www.kerrneitoch.com

Assigning full permission to the file i.e. rwx to all

tfchmod ugo=rwx <file name>

[rootSktlinux ~]# Is -I ktfile

-rwxrw-r--. 1 root root 0 Sep 17 09:21 ktfile

[rootSktlinux ~]# chmod ugo=rwx ktfile

[rootSktlinux ~]# Is -I ktfile

-rv/x rwx rwx. 1 root_root 0 Sep 17 09:21 ktfile

Likewise you can add or remove permissions from anv file for anyone (user group or other)

#chmod u+x ktfile (Adding execute permission to user only)

tfchmod go-wx ktfile (Removing write and execute permissions from group and other)
#chmod go+wx ktfile (Adding write and execute permissions from group and other)
tfchmod go=r ktfile (Giving only read permission to group and other)

2 Absolute Method (numbers)

In Absolute method we use numbers instead of using symbols i.e.

Read=4

Write=2

Execute=l

Assigning different permissions to the file (user=rwx. group=rw and others=r)

#chmod 764 ktfile (where 7 means rwx i.e. 4+2+1, rw=6 i.e. 4+2 and 1 indicates x)
[rootSktlinux ~]# Is

-I
root root
[rootSktlinux ~]# chmod
[rootSktlinux ~]# Is -I
-rwxrw-r--. 1 root root
- rwx rwx rwx.

ktfile
0 Sep 17 09:21 ktfile
764 ktfile
ktfile
0 Sep 17 09:21 ktfile

Assigning full permission to the file i.e. rwx to all

#chmod 777 ktfile

[rootSktlinux ~]# Is
-rwx rw-r- -.

-I ktfile
root root 0 Sep 17 09:21 ktfile

[rootSktlinux -]# chmod 777 ktfile

[rootSktlinux ~]# Is -I ktfile
-rwxrwxrwx. 1 root root 0 Sep 17 09:21 ktfile

Likewise you can give different permissions according to your requirement

Page 53 of 274

www.kerrneliech.coni

Removing all permissions from others

tfchmod 770 ktfile (where 0 indicates no permissions)

Note: All the above permissions and procedure is same for files and directories.

Umask:

When we create any file using t""<"K-cat-ac-^i rnrnrnflnds thpy gpWrpatpri with defauJliile
permissions as stored in umask (User file creation mask).umask is a 4 digit octal number which
tells Unix which of the three permissions are to be denied rather than granted. Umask will
decide that what should be the default permissions for a file and directory when it is created.
The default umask value is 0022
tfumask

9
[rootSktlinux ~]# umask
0022

[rootSktlinux ~]# I

9
Calculation of default permissions for file and directory, basing upon the umask value

Note: For a file by default it cannot have the execute permission, so the maximum full
permission for a file at the time of creation can be 666 (i.e. 777 -111 = 666), whereas a directory
can have full permissions i.e. 777

The full permission for the file

666

Minus the umask value

-022

The default permission for file is

644

(rw-,r,r)

IxootOktlinux ~]# umask

3022
[ roo tSktlinux ~]# touch ktfile2

[ roo tSktlinux ~]# Is -I ktfile2

- rw-\~- -r- - .

root root 0 Sep 19 04:19 ktfile2

[rootSktlinux

Page 54 of 274
www. ke r in e i tec h. com

The full permission for the directory

Minus the umask value

The default permission for file is

777

- 022

755

(rwx, r-x, r-x)

Lf_gotSktlinux ~j# umask

0022

[rootSktlinux ~]# mkdir ktdir2

[rootSktlinux -]# Is -Id ktdir2

flrwxr-xr-xl 2 root root 4096 Sep 19 04:24 ktd

[rootSktlinux ~]# |
Modifying the umask value:
#umask 002

The Modified default Permission for a file will be 666-002=664 i.e. rw,rw,r, and for the
directory it will be 777-002=775 i.e. rwx,rwx,r-x.
[rootSktlinux ~]# umask

D022

[rootSktlinux ~]# umask 002

[rootSktlinux -]# umask
3002

[rootSktlinux ~]# |
Note: Create a file and a directory and check for the default permissions.

These were the few things amongst the basics; keep working to furnish your basics. After All,
"if the foundation isgood then only the building can stand still"

Page 55 of 274

www.kerrneltech.com

-*

MANAGING PARTITIONS & FILE SYSTEMS

What is a partition?

Partitioning is a means to divide a single hard drive into many logical drives. A partition is a contiguous
set of blocks on a drive that are treated as an independent disk. A partition table is an index that relates

sections of the hard drive to partitions.

Why have multiple partitions?

Encapsulate your data. Since file system corruption is local to a partition, you stand to lose only
some of your data if an accident occurs.
Increase disk space efficiency. You can format partitions witK-varvlag-block sizes, depending on
your usage. If your data is in a large number of small files (less than Ik) and your partition uses
4k sized blocks, you are wasting 3k for every file. In general, you waste on average one half of a
block for every file, so matching block size to the average size of your files is important if you
have many files.
Limit data growth. Runaway processes or maniacal users can consume so much disk space that
the operating system no longer has room on the hard drive for its bookkeeping operations. This
will lead to disaster. By segregating space, you ensure that things other than the operating
system die when allocated disk space is exhausted.

9
9

Disk Partitioning Criteria:

EXTENDED

FREE

MBR = MASTER BOOT RECORD

P= PRIMARY PARTITION
EXTENDED= EXTENDED PARTITION

L= LOGICAL PARTITION

FREE= FREE SPACE

Page 56 of 274
www.kerrneltcch.com

The Structure of Disk Partition

On the disk where O/S is installed,will have the first partition as MBR,
MBR is a Master Boot Record, which contains two important utilities, iPL (initial
Program Loader) and PTI (Partition Table information)
IPL isjgsponsible for booting the_QDating the system, because it contains the boot

loader.

In earlier versions of Linux i.e. up to RHEL 4, the default boot loader was LILO (Linux
Loader). But, since RHEL5 onwards it has been changed to GRub (Grand Unified Boot
loader), which is far more superior to LILO.

The_PJJ (Partition Table information) is the information about the number of partitions
on the disk, sizes of the partition and types of partitions.
THE CRITERIA OF DISK PARTITIONING:

Every disk can have only 3 Primary Partitions.

Primary Partition is a partition which usually holds the operating system. Only one
amongst the 3 primary partitions can be active which will be booted by MBR to load

the operating system.

Extended Partition is a special type of primary partition which can be subdivided into

multiple logical partitions. As there can be only 3 primary partitions per disk, and if
the user is required to make further partitions then all the space remaining on the
disk should be allocated to extended partition, which can be used to create the logical
partitions later. There can be onlyone extended partition per disk.

Logical partitions are the partitions which are created under extended partition, all

the space in the extended partition can be used to create any number of logical
partitions.
Disk Identification:

Different type of disks will be having different initials in Linux

IDE drive will be shown as /dev/hda

SCSI drive will be shown as /dev/sda
Virtual drive will be shown as /dev/vda

FILE SYSTEM:

It is method of storing the data in an organized fashion on the disk. Every partition on

the disk except MBR and Extended partition should be assigned with some file system
in order to make them store the data. File system is applied on the partition by
formatting it with a particular type of file system.

PaRe 57 of 274

www.kerrneltech.com

Types of file systems used in RHEL 6:

The file systems supported in Linux are ext2, ext3 and in RHEL 6 ext4, vfat, etc.
Ext file system is the widely used file system in Linux, whereas vfat is the file system to
maintain a common storage between Linux and windows (in case of multiple o/s'

EXT3

EXT4

Stands for Third Extended

Stands for Fouth Extended

EXT2
S.NO
Stands

1.

2.
3.

4.

for

File System

File System

It was introduced in 1993

It was introduced in 2001

It was introduced in 2008.

Does not have joumaling

Supports Joumaling

Supports Joumaling

feature.

Feature.

Feature.

Maximum File size can be

Maximum File Size can be

Maximum File Size can be from

from 16 GB to 2 TB

from 16 GB to 2 TB

16 GB to 16 TB i?r
Maximum ext4 file system size
is 1 EB (Exabyte). 1 EB = 1024
PB (Petabyte). 1 PB = 1024 TB
(Terabyte).

file

Maximum ext3 file system

system size can be from 2

size can be from 2 TB to 32

TB to 32 TB

TB

Cannot convert ext file

You can convert an ext2 file

system to ext2.

system to ext3 file system

directly
(without
backup/restore).

Maximum

5.

6.

Second

Extended File System

ext2

All previous ext file systems

can easily be converted into
ext4 file system. You can also
mount an existing ext3 f/s as
ext4 f/s (without having to
upgrade it).

rs~-~

MOUNTING:-

Attaching a directory to the file system in order to access the partition and its file
system is known as mounting.
The mount point is the directory (usually an empty one) in the currently accessible file
system to which a additional file system is mounted.
The /mnt directory exists by default on all Unix-like systems. It, or usually its
subdirectories (such as /mnt/floppy and /mnt/usb), are intended specifically for use as
mount points for removable media such as CDROMs, USB key drives and floppy disks.

Files which is related to mounting in Linux;

/etc/mtab is a file which stores the information of all the currently mounted file

/etc/fstab is the file which is keeps information about the permanent mount point. If
you want to make your mount point permanent, so that it will be mounted even after
reboot, then you need to make an appropriate entry in this file.

systems; it is dynamic and keeps changing.

Page 58 of 274
www.kerrneItech.coni

/^k

0s

LAB WORK:

To view the existing partitions

#fdiskH or parted-I

[root@ktcl5 Desktop]* fdisk -I

Disk /dev/sda: 32.2 GB, 32212254720 bytes

64 heads, 32 sectors/track, 36720 cylinders
Units = cylinders of 2048 * 512 = 1048576 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00090a50
Device Boot

Start
2

/dev/sdal
Partition 1 does

End
201

202

8201

8202

8192000

83

Linux

12201

4896000

83

Linux

not end on cylinder boundary.

/dev/sda4

12202

Partition 4 does

System
Linux

not end on cylinder boundary.

/dev/sda3
Partition 3 does

Id
83

not end on cylinder boundary.

/dev/sda2
Partition 2 does

Blocks
204800

30720

18963456

Extended

not end on cylinder boundary.

/dev/sda5
/dev/sda6

12204
15205

15203
17204

3072000
2048000

83

Linux

82

Linux swap / Solaris

[root@ktcl5 Desktop]^ parted -I

Model: VMv/are Virtual disk (scsi)
Disk /dev/sda: 32.2GB

Sector size (logical/physical): 512B/512B

Partition Table: msdos
Number

Start

End

Size

Type

File system

Flags

1049kB

211MB

210MB

ext4

boot

211MB

8389MB

8599MB

8599MB
12.8GB

4194MB

primary
primary
primary

12.8GB

32.2GB

19.4GB

extended

12.8GB

15.9GB

3146MB

15.9GB

18.0GB

2097MB

logical
logical

ext4
ext4
ext4

linux-swap(vl)

Note: Observe in the above picture that the device name is /dev/sda.

Page 59 of 274

www.kernieitech.com

|p\

S^m\

<^m

Partition Administration using fdisk

To enter into disk utility, the syntax is

#fdisk <disk name>

#fdisk /dev/sda

[root@ktcl5 Desktop]# [fdisk /dev/sda

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
switch off the mode (command 'c') and change display units to
sectors (command 'u').

Command (m for help) :|_jn

Command action

toggle a bootable flag

edit bsd disklabel

c
d
I
m
n
o
p
q
s
t
u
v

toggle the dos compatibility flag

delete a partition
list known partition types
print this menu
add a new partition
create a new empty DOS partition table
print the partition table
quit v/ithout saving changes
create a new empty Sun disklabel
change a partition's system id
change display/entry units
verify the partition table

write table to disk and exit

extra functionality (experts only)

Command (m for help): |

Use m to list out various options that can be used in fdisk.

Page 60 of 274
www.kerrneltech.com

/1%

^tak

Creating a new partition

#fdisk /dev/sda
Use p to list out the partition information first and
Use n to create a new partition.
[root<aktcl5 Desktop]* fdisk /dev/sda
WARNING:

"T^

rT~^

"""^

DOS-compatible mode is deprecated. It's strongly recommended to

switch off the mode (command 'C) and change display units to
sectors (command

'u').

Command (m for help) :j p |

Disk /dev/sda: 32.2 GB, 32212254720 bytes
64 heads, 32 sectors/track, 30720 cylinders
Units = cylinders of 2048 * 512 = 1Q48576 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier:

6xOO09Oa56

Device Boot
*
/dev/sdal

Start
2
not end on

Partition

does

/dev/sda2

262

Partition 2

8202

not end on

does

not

12202

/dev/sda5
/dev/sda6

end

Id

System

83

Linux

83

Linux

83

Linux

cylinder boundary.

4096666

cylinder boundary.
36728

on

8192666

cylinder boundary.
12261

does

/dev/sda4
Partition

Blocks
204800

8261

does not end on

/dev/sda3
Partition 3

End
261

18963456

Extend

cylinder boundary.

12204

15263

3072000

83

15205

17264

2048666

82

Linux
Linux .

Command (m for help): fl

Now use nto create a new partition and verify it again with p.

Command (m for help): [n]

First cylinder (12202-38728, default 12282): 17285
Last cylinder, +cylinders or +size{K,M,G} (17285-38728, default 38728): +508M

Command (m for help): [p]

Disk /dev/sda: 32.2 GB, 32212254728 bytes
64 heads, 32 sectors/track, 38726 cylinders
Units = cylinders of 2048 * 512 = 1848576 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 6x00098a58
Device Boot

/dev/sdal

Partition 1 does

/dev/sda2
Partition 2 does

/dev/sda3
Partition 3 does

/dev/sda4
Partition 4 does

Start
2

End

Blocks

Id

System

281

284800

83

Linux

83

Linux

83

Linux

not end on cylinder boundary.

202

8201

8192000

not end on cylinder boundary.

8202

12201

4096000

not end on cylinder boundary.

12202

30720

18963456

Extended

not end on cylinder boundary.

/dev/sda5
/dev/sda6

12204

15203

15205

17204

|/dev/sda7

17205

17705

3072000
2048000
513008

83

Linux

82

Linux swap / Solaris

83

Linux

Page 61 of274

www.kerrneltech.com

-/fPN

/^|V

Deleting a partition

Let's delete the partition we've created above i.e. /dev/sda7

Use d to delete a partition and specify the device name, in our case it is 7.

Command (m for help): d

Partition number (1-7): 7

Note: Never delete the system partitions i.e. 1-7

Saving the partition changes

Every time you make a partition or delete a partition, the changes made has to be saved using
w, otherwise the creation and deletion will not be considered to be happen. For practice
purpose you can make any no. of partition and delete it and just quit using q so that it will not
be saved.

Command (m for help): w

The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at

the next reboot or after you run partprobe(8) or kpartx(8)

Syncing disks.

[root@ktcl5 Desktop]* |

Updating the partition table without restarting the system

After creating or deleting a partition the changes will be.effected in the partition table only
after the restart of the system. But there is a way to avoid this circumstance. We can use
partprobe or partx command to update the partition information without restarting the system

#partprobe /dev/sda ,,
Or

#partx-a/dev/sda
Or

#kpartx /dev/sda
Note: In RHEL6 partprobe is not functioning properly, so it is recommended to use partx
command only.

Now then we have learnt creating a partition. Lefs see how to format a partition with a
particular file system.

Page 62 of 274
www.kerrneltech.com

Formatting a partition with ext4 filesvstem

After creatinga partition we need to assign some file system to it so that we can start storing
the data into it. To format a partition the following syntax is used.
# mkfs.<file system typo <partition name>

#mkfs.ext4/dev/sda7 (where sda7 isour newly created partition)

[root<aktcl5 Desktop]* mkfs.ext4 /dev/sda7
inke2fs 1.41.12 (17-Hay-2010)
Filesystem label=
OS type: Linux

Block size=1924 (log=0)

Fragment size=1024 (log=6)
Stride=e blocks, Stripe width=8 blocks
128520 inodes, 513008 blocks

25656 blocks (5.88%) reserved for the super user

First data block=l

Maximum filesystem blocks=67633152

63 block groups

8192 blocks per group, 8192 fragments per group

2046 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729, 204801, 221185, 401489

Writing inode tables: done

Creating journal (8192 blocks): done

Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 38 mounts or

180 days, whichever comes first.

Use tune2fs -c or -i to override.

[root@ktcl5 Desktop]# |

Likewiseyou can format the different partitions with different file systems like

#mkfs.ext3 /dev/sda8
#mkfs.vfat/dev/sda9

Note: Even after formatting the partition we cannot add the data into the partition. In order
to add the data in the partition it is required to be mounted.

Page 63 of 274

www. kerrn eltech.com

jp\

Mounting a partition

Mounting is a procedure where we attach a directory to the file system. There are two types of
mounting which will be used in Linux or any UNIX.

$k

Temporary Mounting
Permanent Mounting

Temporary Mounting

In a temporary mount point we will create a directory and mount it, but this mount point will
last only till the system is up, once it is rebooted the mounting will be lost.
Syntax:

#mount <device name> <directory name (mount point)>

#mount /dev/sda7 /kernel
[root@ktcl5--]# mkdir /kernel
[root@ktcl5 ~]# mount /dev/sda7 /kernel

'-.?

[root@ktcl5 ~]# I
To View allthe mounted partitions
#mount

/-i
: a N,

[root@ktcl5 ~]# mount

/dev/sda3 on / type ext4 (rw)

proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5>mode=626)

tmpfs on /dev/shm type tmpfs (rw,rootcontext=,,system_u:object_r:tmpfs_t:s0,,)

/dev/sdal on /boot type ext4 (rw)
/dev/sda5 on /home type ext4 (rw)
/dev/sda2 on /usr type ext4 (rw)

none on /proc/sys/fs/binfmt_misc type binfmtjraisc (rw)

sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
gvfs-fuse-daemon on /root/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev)
/dev/sr8 on /media/RHEL_6.8 X8664 Disc 1 type iso9668 (ro,nosuid,nodev,uhelper

/^ll

mode=0590)

fdev/sda7 on /kernel type ext4 (rw)

[root@ktcl5 ~]# fl

Now we have successfully mounted the partition we can access it and can store the data

to add the data access the mount point

#cd /kernel
Add the data and exit the directory

Unmounting a partition

#umount <mount point directory>

#umount /kernel
verify it with mount command.
Page 64 of 274
www.kerrneltech.com

^%

Permanent Mounting

Permanent mounting procedure is exactly same like temp mounting, but here we will update

the /etc/fstab file with the mounting details, so that it will be mounted even after the system is
reboot.

Steps To make a permanent mount point:

Make a directory or use an existing directory

Add entry in /etc/fstab file

Use mount -a command to check it is mounting, (mount -a will mount all the entry
placed in /etc/fstab)

Herewe will be using our existing/kernel directoryas mount point which is created previously.

#vim /etc/fstab
#

# /etc/fstab

# Created by anaconda on Fri Nov 5 88:95:42 2016

#

# Accessible filesystems, by reference, are maintained under '/dev/disk'

# See man pages fstab{5), findfs(8), mount(8) and/or blkid(8) for more info
#

UUID=62419cbf-4435-4798-b879-8f821el5cd5b
UUID=46aa65bl-Sd68-432a-9d64-69ae332feb2d
UUID=4f72eaef-8667-450c-ab56-ed36d5dfb8b6
UUID=948a9c29-3a8f-4b6b-a84b-aaa7be57e2a8

/
/boot
/home
/usr

ext4
ext4
ext4
ext4

UUID=204d9293-fe4e-4dc2-89cd-816c7a986188 swap
tmpfs
/dev/shm
tmpfs
devpts
/dev/pts
devpts
sysfs
/sys
sysfs
proc
fdev/sda7

/proc
/kernel

Mount Point

swap
defaults
gid=5,mode=629
defaults

e
e

proc

defaults

ext4

defaults

Device Name

defaults
defaults
defaults
defaults
defaults

1 2
1 2
1 2
e

Type of FS Mount options Dumping Check Sequence

#mount -a
Iroot@Ktc15 ~j# mount -a

[root<aktcl5 ~]# mount

/dev/sda3 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)

devpts on /dev/pts type devpts (rw,gid=5,mode=620)

tiapfs on /dev/shm type tmpfs (, rootcontext^system_u:object_r:tmpfs_t:s0'')

/dev/sdal on /boot type ext4 (rw)
/dev/sda5 on /home type ext4 (rw)
/dev/sda2 on /usr type ext4 (rw)

none on /proc/sys/fs/binfmt_misc type binfmtjnisc (rw)

sunrpc on /var/lib/nfs/rpcpipefs type rpcpipefs (rw)
gvfs-fuse-daemon on /root/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev)
/dev/sre on /media/RHEL_6.0 x86 64 Disc 1 type iso9660 (ro,nosuid,nodev,uhelper

mode=85eo)
t/dev/sda7 on /Kernel type ext4 (r\'/)|
[root(aktcl5 ~]# fl

Page 65 of 274

www.kerrneltech.com

./iilN

You can now access the directory and add, delete or modify the contents and can also unmount
the file system at any point
Sometimes a directory reflects error while unmouting, the possible causes for it are
You are in the same directory and trying to unmount it. Check with pwd command
Some users are present in the directory and using the contents in it.

Checkwith fuser -cu /dev/sda7

[root@ktcl5 -]# fuser -cu /dev/sda7

/dev/sda7:
5821c(ktuser)

[root@ktcl5 -]# I

Check for the files which are open with lsof/dev/sda7

Kill the open connections using fuser -ck /kernel/hello where hello is the file which is
open.

Now you can use umount command to unmount the file system. .-*

To view the usage information of mounted partition:

Tq view the usage information of mounted partition use the command df-h
#df-h
M,
Lroot@ktcl5 ~J# df -h
Filesystem
Size Used Avail Use% Mounted on
/dev/sda3

3.9G

tmpfs

499M

/dev/sdal
/dev/sda5
/dev/sda2
/dev/sr6
/dev/sda7
[root@ktcl5

194M

2.9G
7.7G
3.2G
486M

383M
372K
39H
69H
3.1G
3.2G
11H

3.3G 11% /
499H
1% /dev/shm
146M 21% /boot
2.7G
3% /home
4.3G 42% /usr
8 169% /media/RHEL 6.0 x86 64 Disc 1
456M
3% /kernel

~l#l

To view the size of a file or directory

To view the size of the file or directory uses the command du -h file or directory name.
Assigning label to the partition:

Assigning the label is giving some name to the partition. To assign label to the partition e2label
command is used
^sa

Syntax

#e2label <partition name> <label>

To check the label

#e2label /dev/sda7 ktdisk

#e2label/dev/sda7

[root@ktcl5 -]# e2label /dev/sda7 ktdisk

[root@ktcl5 ~]# e2label /dev/sda7
ktdisk

To list all the mounted partition along with their labels, use mount-I command

Page 66 of 274
www.kerrneltech.com

IP*

Mounting a partition using its label:

Mounting a /dev/sda7 partition with its label ktdisk, verify it with mount command
[root@ktcl5 ~]# mount LABEb=ktdisk /kernel
[root@ktcl5 ~]# mount
Making a permanent mount point using label

As we know that to make a permanent mount point, an entryhas to be made in /etc/fstab

file.

#vim /etc/fstab
tmpfs
devpts

/dev/shm

sysfs

/sys
/proc

proc

|LABbL=ktdisk~

tmpfs
devpts
sysfs

/dev/pts

/Kernel

defaults
gid=5,mode=620
defaults

0 0
0 6
8 8

proc

defaults

68

ext4

qeTauits

6 9"|

Now use mount -a command and verify it with mount command whether it is mounted or
not.

Mounting a partition permanently with its block id (UUID)

To check the uuid of a partition use blkid /dev/sda7 command.

Copy the uuid

Make an entry in /etc/fstab usingUUID

Verify it with mount -a option

[root@ktcl5 ~|# blkid /dev/sda7

/dev/sda7: LABEL=ktdisk"| UUID=f489d8bl-ffca-4e21-917a-7b82ceedd255nl TYPE=ext4'

[root@ktcl5 ~]# I

'

#vim/etc/fstab
tmpfs
devpts
sysfs
proc

/dev/shm

/dev/pts
/sys
/proc

L)UID=f489d0bl-ffca 4e21 -917a-7b82c0edd255

trapfs
devpts
sysfs

defaults
gid=5,raode=620
defaults

9 e
9 0
9 8

proc

defaults

8 9

/kernel

ext4

defaults

JP

Nowmount it with mount-a command and verify it with mount command

Page 67 of 274

|pN

www.kerriieltech.com

Creating a Swap Partition:

Swap space in Linux is used when the amount of physical memory (RAM) is full. If the system
needs more memory resources and the RAM is full, inactive pages in memory are moved to the
swap space. While swap space can help machines with a small amount of RAM, it should not be
considered a replacement for more RAM. Swap space is located on hard drives, which have a
slower access time than physical memory.
Recommended System Swap Space

p '-

Recommended Amount ofSwaSpacej^|pSff^

a minimum of 2GB of swap space
a minimum of 4GB of swap space
a minimum of 8GB of swap space
a minimum of 16GB of swap space
a minimum of 32GB of swap space

4GB of RAM or less

4GB to 16GB of RAM

16GB to 64GB of RAM

64GB to 256GB of RAM
256GB to 512GB of RAM
The Basic Rule for the Size of SWAP:

Apart from the above recommendation a basic rule is applied to create the swap partitions
if the size of the RAM is less than or equal to 2GB, then size of SWAP=2 X RAM SIZE

If the size of the RAM is more than 2GB, then size of SWAP= 2GB + size of the RAM

Swap space is compulsory to be created at the time of installation. But, additional swap spaces
can be created and deleted at any point of time, when it is required. Sometimes we need to
increase the swap space, so we create additional swap spaces which will be added to the
existing swap space to increase the size.
V-

Commands to be used in maintaining Swap spaces

To see the memory size and the swap space size

#free -m
I?

*- -%,

To see the swap usage use

#swapon -s

A To format the partition with swap file system use

#mkswap <parititon name>

To activate the swap space use

#swapon <partition name>

To deactivate the swap space use

#swapoff <partition name>

Page 68 of 274
www.kerrneltech.com

gps

Creating a Swap partion

ip>

Create a normal partition using fdisk and change hex code to make it swap partition.

The hex code for SWAP is 82. (To change the use t in fdisk and list all the hex code use I)
Update the partition table using partx -a command
[root@ktlinux /]# fdisk /dev/sda

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to

switch off the mode (command *c*) and change display units to
sectors (command 'u').

Command (m for help): n

First cylinder (4426-6527, default 4426):

Using default value 4426

Last cylinder, +cylinders or +size{K,M,G} (4426-6527, default 6527): +566M

Command (m for help): t

Partition number (l-6):[_6]

Hex code (type L to list codes):

82

Changed system type of partition 6 to 82 (Linux swap / Solaris)

Command (m for help): p

Disk /dev/sda: 53.7 GB, 53687691266 bytes

255 heads, 63 sectors/track, 6527 cylinders
Units = cylinders of 16065 * 512 = 8225288 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: ex0666d4e7
Device Boot

/dev/sdal
/dev/sda2
/dev/sda3
/dev/sda4
/dev/sda5
/dev/sda6

Start

End

Blocks

Id

System

3825

36720000

8e

3825

3851

204860

83

Linux LVM
Linux

3851

4361

4096000

82

4361

6527

17406303+

4361

4425

521957

83

Extended
Linux

4426

4496

522081

82

Linux swap / Solaris

Linux swap / Solaris

Format the partition with swap file system

flmkswap /dev/sda6

[rootSktlinux /]# mkswap /dev/sda6

Setting up swapspace version 1, size = 522076 KiB
no label, UUID=d3d25afa-71d6-4339-a88a-864Of2680a74
[rootSktlinux /]# 1

Page 69 of 274

www.kerrneltech.coni

<**^\

Turn on the newly created swap space and verify it.

To turn on the swap space the syntax is
flswapon /dev/sda6
[rootSktlinux /]# swapon /dev/sda6
[rootSktlinux /]# swapon -s
Filename

/dev/sda3
/dev/sda6
[rootSktlinux /]# free -m

Size

Used

Priority

Type
partition

4095992 0

-1

partition

522072

-2

total

used

free

shared

buffers

cached

2907

741

1266

272

-/+ buffers/cache:

464

1543

4509

Mem:

Swap:

4569

Making the Newtv Created SWAP Partition to mount after reboot.

In order to make the swap partition mount automatic after reboot, we need to make an

entry in /etc/fstab file.

"$

#vim /etc/fstab
#

# /etc/fstab

# Created by anaconda on Wed Nov 18 86:40:21 2818

# Accessible filesystems, by reference, are maintained under Vdev/disk

# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8 1 for more info

/dev/mapper/vg ktlinux-rootI v /

ext4

defaults

UUID=ce33cb92-21b8-49c8-95fc-17f48437d44b /boot

ext4

/dev/mapper/vg ktlinux-home I v /home

/dev/mapper/vg ktlinux-usrlv /usr
/dev/mapper/vg ktlinux-varlv /var

ext4
ext4
ext4

UUID=68dcea45 - f 68b-473d -b953 - Ofbc5b63d5fc swap

tmpfs
/dev/shm
tmpfs
devpts
/dev/pts
devpts

1 1

defaults

defaults

defaults
defaults
swap

1 2

1 2
1 2

1 2

defaults

sysfs
proc

/sys
/proc

sysfs
proc

defaults
gid= 3,mode=620
defaults
defaults

/dev/mapper/ktpart

/kernel

ext4

defaults

8 e

/dev/sda6

swap

swap

defaults

8 8

8 e

0 8

8 a
8 8
6 e

Removing the SWAP Partition

Deactivate the swap partition

#swapoff <devtce name>
Remove the entry from /etc/fstab.
Delete the partition through fdisk
/^!k

Page 70 of 274
www.kerrneltech.com

/^i|

Encrypting a Partition using LUKS (Linux Unified Key Setup):

LUKS is a standard format for device encryption.

LUKS ensures the data protection inside the partition, especially against the data
breach.

It encrypts the partition or volume, which will decrypt only by providing correct
password.

The partition must be decrypted before the file system in it can be mounted.
Once it is open (decrypted), you can work with the partition normally i.e. mounting and
adding the data to the partition.
After the completion of work the partition has to be closed i.e. encrypted, so that it
cannot be mounted nor can be accessible by others, unless you lose password.
Commands used in LUKS encryption:

cryptsetup luksFormat: To Format the partition with encryption, and assigning the
password.

cryptsetup luksOpen: To open or decrypt the partition, (password will be required) and
the you need to assign some name to it, which will be used for further operation as
/dev/mapper/name.
crypsetup luksClose: To Close or encrypt back the partition after use.
cryptsetup luksAddKey: To add the key (password) to the configuration to automatically
decrypting the partition.

Steps to Encrypt the Partition:

1. Create a normal partition using fdisk.

2. Format the partition using luks and assign the passphrase.
3. Decrypt the partition.

4. Now format again using normal ext4 formatting.

5. Mount the partition, Make a permanent mount.
6. Access the partition and add the data

7. Unmount the partition, and close the partition i.e. encrypt back.
1. Create a normal partition using fdisk.

#fdisk /dev/sda and create a partition ofsize 500MB

Device Boot

/dev/sdal
/dev/sda2
/dev/sda3

Start

End

Blocks

Id

System

3825

30720000

8e

3825

3851

204800

83

Linux LVM
Linux

82

Linux swap / Solaris

3851

4361

4096000

/dev/sda4

4361

6527

17406303+

Kdev/sda5
[rootSktlinux --]#B

4361

4425

521957

5
83

Extended
Linux

Page 71 of 274

www.kernieltech.coni

^v

2. Format the partition using luks and assign the passphrase.

To encrypting a partition using luks the command is
#cryptsetup luksFormat /dev/sda5
It will prompt us to continue, type uppercase YES to continue
Then it will ask you to assign a passphrase and verify it, which will be used later to
decrypt the partition.

[rootSktlinux -]# cryptsetup luksFormat /dev/sda5

WARNING!

This will overwrite data on /dev/sda5 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:

[rootSktlinux ~]# |
3. Decrypt the partition.
To decrypt the partition for further use, make use of the following steps

#cryptsetup luksOpen /dev/sda5 ktpart

Where ktpart is the name given to the partition, it is mandatory to give a name to
the partition. You can assign any name.
It will ask passphrase; enter the passphrase to decrypt it. (it should be the same as
assigned in step 2)
Note: From now onward the disk will be represented as /dev/mapper/ktpart
Note: Don't use /dev/sda5 to format the partition.

[rootSktlinux ~]# cryptsetup luksOpen /dev/sda5 ktpart

Enter passphrase for /dev/sda5:

[rootSktlinux ~]# |
4. Formatting the partition with ext4 file system.

[rootSktlinux ~]# mkfs.ext4 /dev/mapper/ktpart

mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
130048 inodes, 519908 blocks

25995 blocks (5.80%) reserved for the super user

First data block=l

Maximum filesystem blocks=67633152

Page 72 of 274
www.kerrneltech.com

5. Making the permanent mount point and mount the partition.

For temporary mounting make a directory and use
#mount/dev/mapper/ktpart /kernel

Make the entry in /etc/fstab to make it permanent as shown below

Also make anentry in /etc/crypttab asshown below.
0$S

#vim /etc/fstab

UUID=60dcea45-f68b-473d-b953-0fbc5b63d5fc swap

defaults

swap

tmpfs
devpts
sysfs

/dev/shm
/dev/pts
/sys

tmpfs
devpts
sysfs

nroc

/Proc

_E2

'dev/mapper/ktpart

/kernel

ext4

defaults

gid=5,mode=620

defaults

defaults
defaults

0 0

~e"ef

#vim/etc/crypttab
Mb

Qtpart /dev/sda5
6. Access the partition andsome data to it.
Access the partition using mount point

[rootSktlinux ~]# cd /kernel

[rootSktlinux kernel]# Is
lost+found

[rootSktlinux kernel]* touch ktfile{1..5}

[rootSktlinux kernel]* Is

ktfilel ktfile2 ktfile3 ktfile4 ktfileS

[rootSktlinux kernel]* cd ..
[rootSktlinux /]# 1

lost+found

7. Unmount the partition, and close the partition i.e. encrypt it back

# umount /dev/mapper/ktpart

ttcryptsetup luksClose /dev/mapper/ktpart

#mount -a (To check encryption isworking)

[rootSktlinux /]# umount /dev/mapper/ktpart

[rootSktlinux /]# cryptsetup luksClose /dev/mapper/ktpart

[rootSktlinux /]# mount -a

mount: special device /dev/mapper/ktpart does not exist

[rootSktlinux /]# |

Page 73 of 274
www.kerrneltech.com

Savins the passnhrase in fil, * o.ito mollnt tho parMMM

Either you should type the passphrase to continue or can ignore it by usine etrl+e to
continue booting without decrypting and mounting the partition
*

Steps to save the passphrase and adding it in I. i*q ^p,.-^

Make a file and store the passphrase in it.
#vim enphrs
kernel123

Nntl. TKhange the permlsslon of* fil* (600), and add the path ofthe file in /etc/crvattab
^-^^the^schanged
sothatgroups others^ ^
IrootSktlinux /J# chmod 600 enphrs
[rootSktlinux /]# is -l enphrs
-rw-------. i root root 10 Sep 28 06:44 enohrs

[rootSktlinux /]# vim /etc/crypttab|

ktpart /dev/sda5 /enphrs

Add the key in LUKS configuration

[rootSktlinux /]# |

Removing the encryption

Close the encryption as shown in step 7above and

Format the partition normally in ext4 file system

#mkfs.ext4/dev/sda5
Encryption will be removed

En^ST data ln the Partitin Wl" be ,0St' S mate SUre that you have backuP **"efore
Page 74 of 274

www.kerriielfech.rnm

Logical Volume Management

The Linux Logical Volume Manager (LVM) is a mechanism to wtuajjze^the disks. It can create
"virtual" disk partitions out of one or more physical hard drives, allowing you to grow, shrink, or
move those partitions from drive to drive as your needs change. It also allows you to create

larger partitions than you could, achieve with a single.drive. Traditional uses of_LVM_ have
jncludea^databases and company_fjje_servers, but even home users may want large partitions
for music or video collections, or for storing online backups. LVM can also be convenient ways
to gain redundancy without sacrificing flexibility.
A typical example for the need of LVM can be, assuming that we are having a disk of size 2GB

and we start adding the data in the form of a single file, eventually it grows to the size of 2GB.
In this case the possibility is, you go for another disk which is larger than 2GB, let's say 4GB. But
what if the file again grows more than 4GB? How far you will be migrating file from one disk to
another so on and so forth? It requires a down time as well which is not possible in real time, so
to avoid these circumstances we implement LVM and store data in LV's whose size can be easily
increased whenever required without a downtime.

Logical Volurne(s)

Physical Volume (s)

Physical Partitions
The Basic structure of LVM

Above picture shows the structure oLLVM. LVM consists of Physical Volumes, Volume Group,
Logical Volumes and finally file systems. The Physical partitions are known as Physical Extents
(PE), and the logical partitions are known as logical Extents (LE)
Page 75 of 274
www.kerrnehech.coni

Components of LVM in Linux:

Physical Volumes (PV)

Physical Extent (PE)
Volume Group (VG)
Logical Volume (LV)
Logical Extent (LE)

Physical Volume (PV)

It is the standard partition that you add to the LVM. Normally, a physical volume is a standard
primary or logical partition with the hex code 8e.
Physical Extent (PE)

It is a chunk of disk space. Every PV is divided into a number of equal sized PEs.
Volume Group (VG)

It is composed of a group of PV's and LV's. It is the organizational group for LVM.

Logical Volume (LV) is composed of a group of LEs. You can format and mount any file system
on an LV. The size of these LV's can easily be increased or decreased as per the requirement.
Logical Extent (LE)
It is also a chunk of disk space. Every LE is mapped to a specific PE.

LVM Command

Function

vgreduce

Displays all the physical volumes

Displays all volume groups in the system
Displays all the logical volumes in the system
Displays detailed information on physical volumes
Displays detailed information on volume groups
Displays detailed information on logical volumes
Create a new physical volume
Create a new volume group.
Creates a new logical volume
Add a new physical disk to a volume group.
Extends a logical volume
Resizes a logical volume
Reduces a logical volume
Moves/migrates data from one physical volume to another
Reduces a volume group by removing a PVfrom it.

pvremove

Deletes a physical volume

vgremove

Removes /Deletes a volume group

Removes /Deletes a logical volume

pvs
vgs

Ivs

pvdisplay

vgdisplay
Ivdisplay
pvcreate
vgcreate
Ivcreate

vgextend
Ivextend
Ivresize

Ivreduce
pvmove

Ivremove

9
9

Page 76 of 274

www.kerrneltech.com

LAB WORK:0&\

Creating a Physical Volume (PV)

Create a partition using fdisk, and change the hex code of it to 8e.
Save and exit the fdisk and update the partition table using partx-a command
Device Boot
/dev/sdal
/dev/sda2
*
/dev/sda3
/dev/sda4
/dev/sda5
/dev/sda6
/dev/sda7

Start
1
3825
3851

End

Blocks

3825
3851

30720000
204880

8e
83

Id System
Linux LVM
Linux

4361

4096000

82

Linux swap / Solaris

4361
4361
4426

6527
4425

17406303+
521957

5
83

Extended
Linux

4490

522081

82

Linux swap / Solaris

4491

4555

522081

83

Linux I

Command (m for help): [t|

Partition number (1-7): 7
Hex code (type L to list codes):

8e

Changed system type of partition

7 to

8e (Linux LVM)

Create a PV on newly created partition i.e. /dev/sda7.

Verify it by pvs or pvdisplay command

Syn: #pvcreate <partition name>

#pvcreate/dev/sda7
JpV

[rootSktlinux Desktop]# pvcreate /dev/sda7

Physical volume "/dev/sda?" successfully created

[rootSktlinux Desktop]* pvs

PV

VG

/dev/sdal

vq ktlinux lvm2 a-

Fmt

Attr PSize

29.29q

PFree

1.95g

Atev/sda7
lvm2 a509.84m 509.84m
[rootSktlinux Desktop]* pvdisplay
"/dev/sda?" is a new physical volume of "509.84 MiB"
--- NEW Physical volume --PV Name
/dev/sda7
VG Name
jpPN

PV Size
Allocatable
PE Size
Total PE

509.84 MiB
NO
0
0

Free PE

Allocated PE

pV UUID
RzuHEg-ks6y-cvem-C5F4-tfk8-veco-n)Jqs46
The above command will list all the PVs in the system, if you want tosee the details only for
a particular PV, then use

#pvdisplay <partition name> i.e. #pvdisplay/dev/sda7

Page 77 of 274

www.kerrneltech.com

JP*

/^fflfl

Creating a Volume Group (VG)

After creating a PV, the next step is to create a Volume Group or VG

To create a VG the syntax is
#vgcreate <name for the VG> <partition name>

/^i\

#vgcreate ktvg /dev/sda7

[rootSktlinux Desktop]* vgcreate ktvg /dev/sda7

Volume group "tog" successfully created

Verify it by using the following command

#vgs or #vgdisplay <vgname>

yh,-

[rootSktlinux Desktop]* vgs

VG

1ktvq

vgktlinux

*PV #LV *SN Attr

VSize

0 wz--n- 508.00m

0 wz--n-

VFree

508.00m|

29.29g

1.95g
/si . "; .

[rootSktlinux Desktop]* vgdisplay ktvg

--- Volume group VG Name
ktvg

r^!|\

System ID
. Format

lvm2

Metadata Areas

Metadata Sequence No

VG Access

read/write

VG Status

resizable

MAX LV

Cur LV

Open LV

Max PV

Cur PV

/^H^

/^$^

Act PV

VG Size

508.80 MiB

PE Size
Total PE

4.00 MiB

Alloc PE / Size
Free PE / Size

0/0

VG UUID

127

127 / 508.00 MiB

731Qe2-fDmO-PuZz -ZrjX-eki6-lEru-vAi36c

To check all the VGs detail you can also use the command
#vgdisplay

It will list out all the VGsin the system in detail.

/^^v

Page 78 of 274
www.kerrneltech.com

Logical Volume Creation

Once we are ready with aVolume Group then it's the time to create a Logical Volume LV
The syntax for creating an LV is
#lvcreate-L <size of LV>-n <name for LVxVG name>

#lvcreate -L 300M -n ktlvktvg (To create a LV of 200MB)

[rootSktlinux Desktop]* Ivcreate -L 380M -n ktlv ktvg

Logical volume "ktlv" created

[rootSktlinux Desktop]* |
Verifythe LV by using the following commands

#lvs or#lvdisplay to display all the LVs available in the system

#lvdisplay <VG name> to display the LVs ofaparticular Volume Group

#lvdisplay ktvg

f^

[rootSktlinux Desktop]* Ivs

IV
ktlv

VG
ktvq

Attr
LSize
-wi-a- 300.00m

homelv vgktlinux -wi-ao

rootlv vgktlinux -wi-ao
usrlv vgktlinux -wi-ao

3.91g
3.91g
9.77g

varlv

9.77q

vq ktlinux -wi-ao

Origin Snap% Move Log Copy% Conver

[rootSktlinux Desktop]* Ivdisplay ktvg

--- Logical volume --LV Name
VG Name
LV UUID

/dev/ktvg/ktlv
ktvg

x0NkZc-Qqll-6Ev/K-HuGj-YNlI-5vVW-XQUKB

LV Write Access

read/write

LV Status

available

# open

LV Size
Current LE

75

300.00 MiB

Segments

Allocation

inherit

Read ahead sectors

auto

- currently set to

256

Block device

253:4

Note: The output for only Ivdisplay command is very lengthy to show, it is recommended

that you run the command on the system and check itout. The syntax is given above.

Page 79 of 274

www.kerrncltech.coni

.<(t^

r^k

Adding File system to the LV and Mounting it.

As per now we have our VG created so is our LV. In order make it accessible we need to
format it with a file system like ext4 or ext3 or vfat.
The syntax for formatting an LV is exactly like formatting a normal partition, Instead of

/dev/partition name we use the path of LV that will be something like /dev/vg/lv
#mkfs.ext4/dev/ktvg/ktlv

/W0\

[rootSktlinux Desktop]* mkfs.ext4 /dev/ktvg/ktlv

mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=8 blocks, Stripe width=8 blocks
76912 inodes, 307200 blocks

15360 blocks (5.00%) reserved for the super user

^k

First data block=l

Maximum filesystem blocks=67633152

38 block groups
8192 blocks per group, 8192 fragments per group
2024 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729, 204801, 221185
/S||

Writing inode tables: done

Creating journal (8192 blocks): done

Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 32 mounts or
188 days, whichever comes first. Use tune2fs -c or -i to override,

S^h

[rootSktlinux Desktop]* |
Mounting:

Mounting an LV is exactlysame like a normal partition, again the path for mounting will be
/dev/vg/lv

Create a directory over which the LV should be mounted.

Amount </dev/vgname/lvname> /directory name
#mount/dev/ktvg/ktlv /ktdir
Verifythe mounting with mount command

/%$k

Make it a permanent mount by making an entry in /etc/fstab

/S^]S

IrootSkttinux /J* mount /dev/ktvq/kttv /ktdir

#vim /etc/fstab
/sys
/proc

sysfs

proc

/dev/mapper/ktpart

/kernel

ext4

/dev/sda6

swap

swap

ydev/ktvq/ktlv

/ktdir

ext4

sysfs

proc

defaults
defaults
defaults
defaults
defaults

0 0
0 0
0 0

0 0

0 01

Now you can access it and add the data as usual.

Page 80 of 274
www.kerrneltech.com

0!^

JIN

Extending a Volume Group

Extending a volume group isactually adding a new PV to the volume group.

To extend a volume group we need to create a new partition using fdisk. Don't forget to
change its hex codeto 8e and update the partition table using partx -a command

Create a PV on the newly created partition using pvcreate command

Add the partition to the VG using vgextend command, the syntax for it is
0^

#vgextend <VG name> <partition name>

#vgextendktvg/dev/sda8
Verify it pvs command

[rootSktlinux /]# pvcreate /dev/sda8

Physical volume /dev/sda8a successfully created

[rootSktlinux /]# vgextend ktvg /dev/sda8
Volume group "ktvg" successfully extended
[rootSktlinux /]# pvs
PV

VG

Fmt

Attr PSize

/dev/sdal vgktlinux lvm2 a/IPs

PFree

29.29g

i.95g

/dev/sda7

ktvg

lvro2 a-

508.08m 208.00m

/dev/sda8

Ktvg

lvm2 a-

508.00m 508.00m

[rootSktlinux /]# |
Increasing the size of a logical volume

/%k

Sometimes the file system size may be full, so we need to increase the size of the LV to

continue adding the data in it.

'
The size of LV can beincreased online, nodowntime isrequired.

Check the currentsize of the LV by using #df-h command.

Increase the size of the LV by using Ivextend or Ivresize command, the syntax for it is

#lvextend -L <+addition size> </dev/vg/lv name> (syntax for Ivresize is also same)

#lvextend-L+200M/dev/ktvg/ktlv
Update the file system by using resize2fs command
#resize2fs /dev/vg/lv name
#resize2fs /dev/ktvg/ktlv
Verify the change by using df -h command

[rootSktlinux /]# df -h

Filesystem
size Used Avail Use% Mounted on
/dev/mapper/vgktlinux-rootlv
3.9G

450M

3.3G

tmpfs
1Q04M 300K 1004M
/dev/sda2
194M
39M 146M
/dev/mapper/vgktlinux-homelv
3.9G

13% /

1% /dev/shm
21% /boot

72M

3.6G

2.3G

6.9G

25% /usr

9.7G

3.5G

5.7G

39% /var

291M

11M

266M

2% /home

/dev/mappe r/vgktlinux-us rlv

9.7G

/dev/mapper/vgktlinux-varlv

/dev/mappe r/ktvg-ktlv
4% /ktdir

IrootSktlinux /J# |

Page 81 of 274

www.kerrneltech.coni

d^v

/^I

Increasing the size of the LV and updating the file system

[rootSktlinux /]# Ivextend -L +200M /dev/ktvg/ktlv
Extending logical volume ktlv to 50O.00 MiB

Logical volume ktlv successfully resized

[rootSktlinux /]# resize2fs /dev/ktvg/ktlv
resize2fs 1.41.12 (17-May-2010)
Filesystem at /dev/ktvg/ktlv is mounted on /ktdir; on-line resizing required
old descblocks = 2, newdescblocks = 2

Performing an on-line resize of /dev/ktvg/ktlv to 512000 (Ik) blocks.

The filesystem on /dev/ktvg/ktlv is now 51200O blocks long.
Verify it by df-h
[rootSktlinux /]# df -h

Filesystem
Size Used
/dev/mapper/vg ktlinux-rootlv
450M

3.3G

1004M 300K

1004M

3.9G

tmpfs

Avail Use% Mounted on

/dev/sda2

194M

13% /

1% /dev/shm
21% /boot

-~'*3f'

39M

146M

72M

3.6G

2.3G

6.9G

25% /usr

9.7G

3.5G

5.7G

39% /var

485M

11M

450M

r^H

/dev/mapper/vg ktlinux-homelv
3.9G

2% /home

/dev/mapper/vg ktlinux-usrlv
9.7G

/dev/mapper/vg ktlinux-varlv

/dev/mapper/ktvg-ktlv
3% /ktdir
/Ssjk

[rootSktlinux /]# ]

Reducing the size of an LV

Reducing the size of an LV is a bit complicated task, there are few things which you need to
keep in mind before reducing the size of an LV.

LV size cannot be reduced online, it requires a down time i.e. unmounting the file
system.

Organized the data before reducing the size of LV.

Update the file system about the size. I.e. what its size will be after reduction.
\. Finally reduce the size. Huh....! Lots of things to do!!!!
Ifany ofthe above things are missed then it will be a mess, you may corrupt the filesystem and LV.
Let's start the steps carefully

Check the size of the Iv using df -h command

Unmount the LV using umount command

Organize the data in LV by using e2fsck command

#e2fsck-f/dev/ktvg/ktlv.

Update the file system by using resize2fs command

#resize2fs /dev/ktvg/ktlv 300M (where 300M is the approximate total size of LV after reduction)
Page 82 of 274
www.kerrneltech.com

/^H||

Now reduce the size by using ti Ivreduce -L -200M/dev/ktvg/ktlv command

We know the size of LV is around 500MB, from previous picture in case of extending the size of LV.
Or else you can run df -h and verify it again.
Umount the LV by using umount command

[rootSktlinux /]# umount /ktdir

[rootSktlinux /]# |
Organize the data in the file system.

*s
[rootSktlinux /]# e2fsck -f /dev/ktvo/ktlv

e2fsck 1.41.12 (17-May-2010)

Pass 1
Checking inodes, blocks, and sizes
Pass 2
Checking directory structure
Pass 3
Checking directory connectivity
Pass 4
Checking reference counts
Pass 5
Checking group summary information
ktlv: 11/127512 files (0.0% non-contiguous), 26603/512000 blocks

[rootSktlinux /]# |
Update the file system about the size after reduction
v^

[rootSktlinux /]# resize2fs /dev/ktvg/ktlv 300M

resize2fs 1.41.12 (17-May-2010)
Resizing the filesystem on /dev/ktvg/ktlv to 307200 (Ik) blocks
The filesystem on /dev/ktvg/ktlv is now 307200 blocks long.

[rootSktlinux /]# |
Finally reduce the size of the LV using Ivreduce command. It will prompt you about the change
type y to continue with reduction.

[rootSktlinux /]# Ivreduce -L -200M /dev/ktvg/ktlv

WARNING: Reducing active and open logical volume to 300.00 MiB
THIS MAY DESTROY YOUR DATA (filesystem etc.)

Do you really v/ant to reduce ktlv? [y/n]: y

Reducing logical volume ktlv to 300.00 MiB
Logical volume ktlv successfully resized

[rootSktlinux /]# |
Mount the LV and run the command df-h, to verify the change in the size of LV
#mount -a (if an entry is passed in /etc/fstab use this command)
#df-h

/dev/mappe r/ktvg-ktlv
291M

11M

266M

4% /ktdir

[rootSktlinux /]* |

Page 83 of 274

www. ke r rn e 11 c c h. c o in

Moving or Migrating the LV (data) from one pv to another.

There might be a situation where the PV might be failing and it is required to be replaced, in

I'^Hk

such case, we need to migrate or move the data from such PV to the other and isolate the
PV.

The Steps to migrate the PV are

Access the mount point of failing PV and check the data in it,
Verify the size of the PV by pvs command or pvdisplay command.
A%S

Unmount the file system on that PV.

Add new PV, which should be of the same size or higher than that of the replacing
PV to the volume group.
Migrate the PVs contents to the new PV using following command
#pvmove <01d PV> <New PV>

Mount back the LV, access the mount point and verify the data in it.
Remove the faulty PV from Volume Group.

j -

Okay! So let*s do the practical following above steps.

Access the mount point of the failing PV and check the data in it.
[rootSktlinux ~]# cd /ktdir/
[rootSktlinux ktdir]* Is
ktdatal
ktdatal

ktdata2
ktdata3

ktdata4
ktdataS

ktdata6
ktdata7

ktdataS

lost+found

ktdata9

[rootSktlinux ktdir]* cat ktdatal

Welcome to Kernel Technologies

[rootSktlinux ktdir]* |
Verify the size of the PV by pvs command or pvdisplay command.
[rootSktlinux --]# pvs
Fmt

Attr PSize

PV

VG

/dev/sdal

rootvq lvm2 a-

/dev/sda6

ktvg

lvm2 alvm2 a-

/dev/sda7
[root@ktlinux --]# pvdisplay

17.57q

PFree

598.00m 208.00m
509.84m 599.84m

Physical volufnp

PV Name

/dev/sda6

VG Name

ktvq

PV Size
Allocatable
PE Size
Total PE

| 509.84 MiB ! not usable 1.84 MiB

yes
4.00 MiB

127

/^i

Free PE

52

Allocated PE

75

PV UUID

Hjki4-doLN-I0DB-P8T9-itBr-Hn6V-yVrrz2

Page 84 of 274
www.kerrneltech.com

Unmount the fife system on that PV.

#umount /ktdir

Add new PV which should be of the same size or higher than that of the replacing PV to

the volume group.

In our case the size of the failing PV is around 500MB, so we need to add a PV whose size is
at least 500MB or more

l have created another partition from fdisk i.e. /dev/sda7 with the size around 500MB
[rootSktlinux -]# pvs
PV

VG

/dev/sdal

rootvg lvm2 a-

Fmt

Attr PSize

/dev/sda6

ktva

lvm2 alvm2 a-

/dev/sda7

PFree

17.57g

508.00m 108.00m
509.84m 509.84n

[rootSktlinux ~]# vgextend ktvg /dev/sda7

Volume group "ktvg" successfully extended

[rootSktlinux ~]# |

Migrate the PV's contents to the new PV using following command

#pvmove <Old PVxNew PV>
Vsr*"'

#pvmove /dev/sda6 /dev/sda7

[rootSktlinux ~]# pvraove /dev/sda6

/dev/sda7

/dev/sda6: Moved: 4.6%

/dev/sda6: Moved: 169.0%

[rootSktlinux ~]# |
Mount back the LV, access the mount point and verify the data in it.
[rootSktlinux ~]# mount -a
[rootSktlinux ~]# cd /ktdir
[rootSktlinux ktdir]* Is
ktdatal
ktdataie

ktdata2
ktdata3

ktdata4
ktdata5

ktdata6
ktdata7

ktdata8

lost+found

ktdata9

[rootSktlinux ktdir]* cat ktdatal

Welcome to Kernel Technologies

[rootSktlinux ktdir]* |
Remove the faulty PV from Volume Group.

Asthe data is moved safely, now let's remove the faulty PVfrom the volume group.
The syntax to remove a PV from a VG is
#vgreduce <vg name> <PV name>
flvgreduce ktvg /dev/sda6

rootSktlinux ktdir]* vgreduce ktvg /dev/sda6

Removed /dev/sda6D from volume group "ktvg"

Page 85 of 274

www.kerrneltech.coni

/^ft

Deleting/Removing an LV:
To Delete/Remove an LV, first unmount the file system.
Remove the entry from /etc/fstab.

/*ss%

Use the command Ivremove i.e.

#lvremove <LV name>

#lvremove ktlv (it will prompt to you to continue, press y to continue)

Verify it by using Ivdisplay command

[rootSktlinux ~]# umount /ktdir

[rootSktlinux ~]# vim /etc/fstab
[rootSktlinux -]# Ivremove /dev/ktvg/ktlv

Do you really want to remove active logical volume ktlv? [y/n]:|y 1

Logical volume "ktlv" successfully removed

'

'

[rootSktlinux -]# Ivdisplay ktvg

[rootSktlinux -]# |

As we was having only one LV and that is now deleted, that's why it is not showing any LVs
after executing Ivdisplay command.

Deleting a Volume Group

To delete the volume a group, make sure that if there is any LV in it, it should not be

mounted. Because while removinga vg it will also remove LV's inside it. In our case we have
/flto

no LV in our volume group, so we will not be concerned about it.

To delete a VG, use the following command.
#vgremove <vgname>
I

#vgremove ktvg
[rootSktlinux ~]# vgremove ktvg
Volume group "tog" successfully removed

[rootSktlinux -]* |
Deleting a Phvsical Volume

Deleting a PV is very simple. The only thing we should check that the PV we are going to
delete should not belong to any volume group. We can only delete a PVwhich is free.

The syntax to delete a PV is

#pvremove <PV name>

/m

#pvremove /dev/sda6
#pvremove /dev/sda7 OR
#pvremove /dev/sda{6,7} (To remove multiple PVs in one command)
[rootSktlinux ~]# pvremove /dev/sda{6,7}
Labels on physical volume "/dev/sda6B successfully wiped
Labels on physical volume "/dev/sda7" successfully wiped

If you want you can verify it by using pvs or pvdisplay commands

Building anything requires lots of concentration, hard work, and patience, but to demolish
it, it is just a matter of a moment. Isn't it....!
Page 86 of 274
www.kerrneltech.com

gfp\

Creating a VG by specifying the PE size

To create a VG with specifying an PE size,

First create a partition and also create a pv

[rootSktlinux ~]# fdisk -I

Disk /dev/sda: 21.5 GB, 21474836480 bytes

255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16965 * 512 = 8225289 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier:

Ox0OO03d37

Device Boot

/dev/sdal
/dev/sda2
/dev/sda3

System

Start

End

Blocks

Id

1
1785
1811

1785

14336898

8e

Linux

1811

284888

83

Linux

2872
2619

2897152

82

4325849

/dev/sda4
|/dev/sda5

2872
2972"

2136

518412+

83

LVM

Linux swap /

Solaris

Extended

Linux]

[rootSktlinux ~]# pvcreate /dev/sda5

Physical volume /dev/sda5" successfully created
To create a vg with custom PE size use

#vgcreate <name for the vg > -s <size of PE(1-128)> <pv names>

#vgcreate ktvg2 -s 16 /dev/sda5

[rootSktlinux ~]# vgcreate ktvg2 -s 16 /dev/sda5

Volume group nktvg2t' successfully created

[rootSktlinux ~]# |
Verify the PE size using vgdisplay command
[root@ktlinux ~]# vgdisplay ktvg2
Volume
VG

group

ktvg2

Name

System ID
Format

lvm2

Metadata Areas

Metadata Sequence

1
No

VG Access

read/write

VG

resizable

Status

MAX

LV

Cur

LV

Open LV

Max

PV

Cur PV

Act

PV

VG Size

496.08 MiB

|PE Size
Total

Alloc PE /
Free
VG

16.00 MiB|

PE

PE /

UUID

31

Size
Size

0/0

31 /

496.00 MiB

lacNDZ-szQ6-Fq76-lZMZ-Px3K-KQXo-UMDQV

Page 87 of 274
www.kerrneltech.com

JP*

Creating an LV of 400MB, specifying no. of LE instead of giving size in MB or GB.

To create an LV using LE, the things to keep in mind are

Size of LE=Size of PE

In Command we are specifying the no. of LE not the size of LE,as the size of LEis based on
Size of PE.

For example if the size of PEis 16, then the size of LE will also be 16.

*^k

Steps to create an LV based on LE

Check the size of PE using vgdisplay command

[root@ktlinux -]# v<^display ktvg2

Volume group

/^i

ktvg2

VG Name

System ID
lvm2

Format

Metadata Areas

Metadata Sequence

read/write

VG Access
VG

1
No

resizable

Status

MAX LV

Cur LV

Open LV

Max PV
Cur PV

Act PV

VG Size

496.00 MiB

|PE Size

16.00 MiB|

Total PE

31

Alloc PE / Size

8/0

Free

31 / 496.08 MiB

VG

PE /

Size

UUID

z^t)

lacNDZ-szQ6-Fq76-lZHZ-Px3K-KQXo-llMDQV

Okay, now then we know the size of PE is 16, lets calculate how many LE is required to

The formula for calculating no. of LE is

<size of LV required, in MB> divided by Size of PE
400/16 = 25

If the size of LV is to be 2 GB then first we need to convert GB into MB and then calculate

create an LV of 400 MB.

/^$\

2x1024/16=128.

You can use #bc command to do all the calculations. Use ctrl+d or Ctrl+c to quit the
calculator

[root@ktlinux ~]# be
be 1.06.95

/9h

408/16
25

2*1024/16
128

Page 88 of 274
www.kerrneltech.com

So now we got the calculation done and we came to know that 25 LEs are required to
create 400MB of LV.

The syntax to create an LVwith no. of LE is

#lvcreate -I <no. of LE> -n <name for the LV> <volume group name>
#lvcreate-i 25 -n kth/2 ktvg2

[root@ktlinux ~]# Ivcreate -I 25 -n ktlv2 ktvg2

Logical volume Dktlv2 created

[root@ktlinux ~J# |
Now check the size of the LV

"ktlv2" using Ivdisplay command

#lvdisplay ktvg

[rootSktlinux -]* lvdis[ )lay ktvg2

--- Logical volume -LV Name
VG Name

LV UUID

/dev/ktvg2/ktlv2

|ktvg2 |
t83rmU-kk2z-I83a-BXpo-18LH-aDM8-FeFliW

LV Write Access

read/write

LV Status

available

# open

LV Size

460.00 MiB

Current LE

125

Segments

Allocation
Read ahead sectors

auto

inherit

- currently set to

256

Block device

253:5

Installing Linux using LVM partitioning

The only difference in a normal installation and LVM installation is that instead of creating
normal partition we will create a VG andthen LVs forall partitions, except /boot and swap.
The advantage of installing Linux using LVM is that, ifany ofsystem partition is running out
of space and required more space, in case of normal partitioning it is not possible to
increase the size of a partition once it is created. But, using LVM the space can be

dynamically increased whenever it is required.

Even if there is no space remaining in the disk some space can be borrowed from other
LVMs and can easily be assigned to required system partitionto fulfill its need.
LVM provides a greater scalability to the administrator and avoid uncertain down time to
the server.

LVM ensures the possibility of increasing and decreasing the sizes whenever required and
prevents unnecessary loss of time.

Page 89 of 274

www.kerrneltech.com

jp\

Start the installation normally as done previously, but only at the time of partitioning follow
the steps below.
:

(MB) RAJWV

P HardCnvci
"

vda

Create storage
Oeate fertstion

O Standard Partition
Information

Create Software RAID

'; RAJOPartition

information

Create IVM

LVM Physical volume

<".-

' >

Create

Reset

Select the Free space and click on Create, then select LVM Physical Volume and click on
Create to proceed.

**

X S?>
Add Partition

h* Hard Drives
v

vda

Mount Point

Fi e 5j stem jype physical volume (LVM)

Allowable Drives:

Si?e (MB):

125000,

AdditionalSize Options
S Fixed size

0 Fill all space yp to (MB):

G Fill to maximumaiiowable size
Force to Lea prirr; , ;...

-: rypt

Cancel j

gk

Give the maximum possible size to this PV, as all the partition has to be created inside it
only.
Page 90 of 274

www.kernieltech.cuni

Size
":

Free

Mount Point/
'.-

. ' ;- .

'

IS95S

create storage
Create Partition

C Standard Partition

Create Software raid

information

t RAID P.

Create LVM

Information

* LVM Volume Group

0 LVM Physical Volume

Cancel

j Create

Qreate

Edit

: i -

Reset

Select the created PV, i.e., vdal and this time check the box beside LVM Volume Group to
create a volume group.
Drive /dcv/vda (4096Q MB) (Modal: V)rtk> Block Davlco)

Size

Mount Point/

(MS)

RAID"*"''""-*

Type

Format

Make LVM Volume Group

;

Volume Group Name:

vg_ktcl3

physical Extent:

4 M3

S3 vdal

25000 00 MB

Physical Volumes to Use:

Used Space:

0.00 MB (0.0%)

Free Space:

24996.00 MB (100.0%)

Total Space:

24396.00 MB

Logical Volumes

Logical Volume Name Mount Point Size (MB)

Add

Make Logical Volume

Mount Point

:/

File System Type.

Logical Volume Name; ILcgVolOO

Sfee (MB):

D Encrypt

'T.--J

CM .< Size is 24996 MB)

Carxe I

Q<

Create

Edit

Delete

Beset

Click on Add button to start adding LVs, Select a mount point and assign a size to it and click
on OK

Page 91 of 274

www.kerrnelrecli.com

Repeat the above step and create the following partitions with the given sizes
/usr with 8.5 GB approx
/var with 4.5 GB approx
/opt with 2 GB approx
/, /tmp, /home 2 GB each approx
/opt 3 GB approx

Note: All the sizes listed above are based on the availability of the space. It is no where a
recommended or minimum sizes. The sizes can be based on your requirements. But /usr
required the above given size if it is 64 bit architecture.

E d i t i_vrvi v o l u m e G r o u p : vg_lctc:l3
Volume Group Nnnie:

Physical Extent:
ED

vdal

2 5000.00 MB

. Physical Volumes to Use:

9
u s e d Space:

2 2 0 0 0 . 0 0 MB

2996-OOMB

Free Space:

Total Space:
Uogical Volumes

(38.0 %)

(12.0%)

24996.00 MB

9
9
Cancel

S2K

Once done click on OK to conitinue

v LVM Volume Groups

vg_ktcl3

24996

LogVo'05

3000 /opt

ext4

Logvoi04

4500 /'var

BXt4

Log .oiOl

2000 /home

art*

LogVoiOO

2000 /

ext4

s
/

LogvbKH

8500 /usr

ext4

Logvol02

20C0 /tmp

e>t4

Free

2996

physical volume (U/M)

9
9

Hard Drives
v

vda

vdal

25000 vgjctcl3

jfrMmHJHJilUlllll 'Hill

Create

Reset

Select the Free space under Hard Drives and create /boot with 200 MB and /Swap with
2GB. Make sure that you select Standard Partition this time, instead of LVM.
Page 92 of 274

www.kerrncItccii.coni

0s

0\
Please Select A Device

Device

LVMVolume Groups "

w vg_ktcl3
LogVblOS
Logvol04
LogVolOl

Size Mount Point/

(MB) i RAID/Volume

Type

Format

24996

3000/opt

ext4

4500/var

ext4

2000 /home

ext4
ext4

LorjVolOO

2000 /

LogVolOl

8500 /usr

ext4

LogVol02

2000 /tmp

ext4

Free

2996

Hard Drives
^

vda

!-. .".,:

vdal
vda2

vda3
Free

25000 vgjctcl3
200/boot
2048

physicalvolume (LVM)

ext4
swap

J
J

13711

( Create j( Edit. )[ fjeiete*~][ Reset

4^ Back j

c^ftext

Verify the sizes and click on Next to continue with the installation. Complete the installation
as usual as we have done previously at the beginning of the course.
0s

sIPn

Practice the LVM Concept well; as it isthe most important part in Linux and
in any UNIX operating system as welK

That sums up the LVM concept in Linux

Page 93 of 274

www.kerrneltech.com

USER AND GROUP ADMINISTRATION

PART-1 USER ADMINISTRATION

In Linux/Unix user is one who uses the system. There can be at least one or more than one
users in Linux at a time. Users on a system are identified by a username and a userid. The
username is something that users would normally referto, but as far as the operating system is
concerned this is referred to using the user id (or uid). The username is typically a user friendly
string, such as your name, whereas the user id is a number. The words username and userid are
often (incorrectly) used interchangeably. The user id numbers should be unique (one number
per user). If you had two usernames with the same user id, effectiyeiy.there permissions would
be the same and the files that they create would appear to have been created by the same
user. This should not be allowed and the useradd command will not allow usernames to share
the same userid.

Some Important Points related to Users:

Users and groups are used to control access to files and resources
Users login to the system by supplying their username and password
Every file on the system is owned by a user and associated with a group
Every process has an owner and group affiliation, and can only access the resources its
owner or group can access.

Every user of the system is assigned a unique user ID number (the UID)
Users name and UID are stored in /etc/passwd
User's password is stored in /etc/shadow in encrypted form.
Users are assigned a home directory and a program that is run when they login (Usually a shell)

Users cannot read, write or execute each other's files without permission.

Types of users In Linux and their attributes:

TYPE

EXAMPLE

USER ID (UID)

GROUP ID

HOME

(GID)

DIRECTORY

SHELL

Super User

Root

/root

/bin/bash

System User

ftp, ssh,

1 to 499

1 to 499

/var/ftp, etc

/sbin/nologin

500 to 60000

500 to 60000

/home/user

/bin/bash

apache
nobody
Normal User

Visitor,
ktuser,etc

name

Page 94 of 274

www.kerrneltech.com

r#"
0^

In Linux there are three types of users.

/jJSN

1. Super user or root user

Super user or the root user is the most powerful user. He is the administrator user.
2. System user

System users are the users created bythe softwares orapplications. For example ifwe install
Apache it will create a user apache. These kinds of users are known assystem users.
3. Normal user

Normal users are the users created byroot user. They are normal users like Rahul, Musab etc.
Only the root user has the permission to create or remove a user.
0$\

Whenever a user Is created in Linux things created bv default:-

A home directory is created(/home/usemame)

A mail box is created(/var/spool/mail)

unique UID & GID are given to user

Linux uses UPG (User Private Group) scheme

It means that whenever a user is created ishas its own private group
For Example ifa user is created with the name Rahul, then a primary group for that user will
be Rahul only

There are two important files a user administrator should be aware of.
1. "/etc/passwd"
2. "/etc/shadow"
Each of the above mentioned files have specific formats.

1. /etc/passwd
JIN

Iroot@KtUnux ~l# head /etc/passwd

root:x:0:0:root:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/nologin
The above fields are
root =name

x= link to password file i.e. /etc/shadow

0 or 1= UID (user id)
Oorl=GID(groupid)
/fP?\

root or bin =comment (brief information about the user)

/root or/bin =home directory of the user
/bin/bash or/sbin/nologin =shell
Page 95 of 274

www.kerrnelrech.com

/sips

2. /etc/shadow
root:$lfdsfsgsdfsdkffefje:14757:0:99999:7::
The fields are as follows,
1. root = User name

2. :$lfdsfsgsdfsdkffefje = Encryptedpassword
3.14757 = Days since that password was last changed.
4.0 = Days after which password must be changed.
5.99999 = Days before password is to expire that user is warned.
6.7 = Days after the password is expires that the user is disabled.
7. A reserved field.

Password Complexity Requirements:

A root user can change password of self and of any user in the system, there are no rules for
root to assign a password. Root can assign any length of password either long or short, it
can be alphabet or numeric or both. On the whole there is no limitation for root for
assigning a password.

A normal user can change only its password. Validpassword for a normal user should adhere to

the followingjules

>f

It should be at least 7 characters but not more than 255 characters.

At least one character should be Upper case

At least one character should be Lowe/case

At least onecharacter should be ajyrnbol, and onecharacter should be a number.

It should not match the previous password.

It cannot have a sequence (ex: 123456 or abcdef)

m$k

r^i|

The login name and the password cannot be same.

Note: For security reasons don't keep the password based on date of birth because it can easily be
hacked.

LABWORK:-

Creating a user

The syntax for creating a user in Linux is

#useradd <option> <usemame>
options are
-u userid

-G Secondary group id
-g primary group id
-d home directory
-c

comment

-s

shell

Page 96 of 274

www.kerrneltech.com

Lefs create a user with default attributes.

When no option is used with useradd command the options like UID, GID, home dir and
shell will be assigned default.

#useradd <usemame>

#useradd ktusr

[rootSktlinux ~J# useradd ktusr

[rootSktlinux ~]# tail /etc/passwd

avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin

pulse:x:496:494:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin

gdm: x: 42:42:: /va r/lib/gdm: /sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump: x: 72:72:: /: /sbin/nologin
visito r: x: 500:500: visito r: /home/ visito r: /bin/bash
ktuser:x:501:502::/home/ktuser:/bin/bash
named: x: 25:25:Named:/va r/named:/sbin/nologin

fetus r: x: 502:503:: /home/ktus r: /bin/bash

[rootSktlinux ~]# |
Observe that the uid, gid, home dir, and shell is assigned automatically.
Ler/s create a user with our own attributes

Create a user with following attributes

Name = ktuser2
uid=505

home dir = /home/kernel

comment =salesman

#useradd ktuser2 -u 505 -g 505 -d /home/kernel

salesman

[rootSktlinux ~]# useradd ktuser2 -u 505 -d /home/kernel -c salesman

[rootSktlinux ~]# tail /etc/passwd

ntp:x:38:38::/etc/ntp:/sbin/nologin
pulse:x:496:494:PulseAudio Systern Daemon:/var/run/pulse:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
sshd :x: 74:74: Privilege-sepa rated SSH:/var/empty/sshd: /sbin/nologin
tcpdump:x:72:72::/: /sbin/nologin
visitor:x:500:500:visitor:/home/visitor:/bin/bash
ktuser:x:501:502::/home/ktuser:/bin/bash

named:x:25:25:Named:/var/named:/sbin/nologin
ktusr:x:502:503::/home/ktus r:/bin/bash
ktuser2:x: 505:505: salesman:/home/kernel:/bin/bash

[rootSktlinux -]# |

Page 97 of 274
www.kerrneltech.com

^k

"^Sll

Assigning password to the user:

As a root user we can assign any password to any user

The syntax for assigning a password is
#passwd to assign password to current user (the one with which you have logged in, if it is
root then root's password will be changed)
#passwd <user name> to assign a password to a specific user, only root can assign
password to other user.

[rootSktlinux ~]# passv/d ktuser2

Changing password for user ktuser2.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSV/ORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.

^k

[rootSktlinux ~]# |

Modifying the user's attribute

After creating a user if we need to modify the attributes of user like changing uid, changing
secondary group id or adding a comment, locking or unlocking the user account, can be
done by following command
Syntax.
# usermod <options> <username>
options are:
all the options which are used with useradd command can be used and also the following,
to change login name
-I
-L

to LOCK account

-U

to UNLOCK account

ex. # usermod -I newname oldname (changing the name of the user)

ex. # usermod -L newname to lock the user account
ex. # usermod -U

newname to unlock the user account

Note: - when an account is locked it will show! (Exclamation mark) in /etc/shadow file.

Page 98 of 274

www.kernieltech.com

/s^j|

Locking and unlocking a user account:

To lock a user a/c use the following

ttusermod -L < user name>

#usermod-L ktuser2

Verify it in /etc/shadow file, it shows exclamation mark before user a/c or try login as

ktuser2
[rootSktlinux ~J# usermod -L ktuser2

[rootSktlinux ~j# tail /etc/shadow

ntp:!1:14923::::::

pulse:!!:14923::::::
gdm:!!:14923::::::
sshd:!!:14923::::::

tcpdump:!!:14923::::::

visitor: $6$0NwZFaSl6WerVfln2i$ULgPvVbt3. E8Ge. 6jwTDQICTaQLvX5d<

0Kiq j /6rq9DPlxelZIFyH6Hbwhy35GGem0:14923:0:99999:7:::
ktuser: $6$6jAEv8c9$j9VTJlLPwD0uCuMIm6S2I7k3KdfAJktHGNBlakE!
ecLDS3DAOvq074OFwIUXyWS2/: 15234:0:99999:7:::
named:!!:15239::::::
ktusr:!!:15250:8:99999:7:::

ktuser2:! ^6$sygiWqG7$uTphGmvQhScKQ8acThAMhb3uGiK9eRNBuBV4al
. bhMNMZQA6GStxPlXSRyeTpKph.: 15250:0:99999:7:::

[rootSktlinux ~]# |

Unlocking a user a/c:

Unlock the above a/c

#usermod-U < user name >

tfusermod -U ktuser2

Verify it in /etc/shadow file, it shows exclamation mark before user a/c or try login as
ktuser2

[rootSktlinux ~]# usermod -U ktuser2

[rootSktlinux ~]# tail /etc/shadow
ntp:!1:14923::::::
pulse:!!:14923::::::

gdm:!!:14923::::::
sshd:!!:14923::::::

tcpdump:!!:14923::::::
visitor: $6$0NwZFaSl6WerWm2i$ULgPWbt3. E8Ge.6jwTDQKTaQLvX5i
8Kiq)/6rq9DPlxelZIFyM6Mbwhy35GGem0:14923:0:99999:7:::
ktuser :S6S6iAEv8c9$i9vTJaLPwD0uCuMIm6S2I7k3KdfAJktHGNBlakl

ecLDS3DAOvq074OFwIUXyWS2/: 15234:0:99999:7:::
named:!!:15239::::::
ktusr:! 1:15250:0:99999:7:::

ktuser2: S6$XbHuW6gS$NO4lvd4XbZ76ZdvZFIUXxwBhQO80sshf664zgi
asNnhz0zDKrt39Q5OJZnKaj6G1:15254:0:99999:7:::

[rootSktlinux ~]# 9

Observe in both pictures that once the account is unlocked the exclamation is gone.
Page 99 of 274
www.kerrneltech.com

The password parameters.

For any user we can set the parameters for the password, like min and max password age,
password expiration warnings and a/c expiration date etc.
To view the advanced parameters of the user, use
#chage -l<username>
#chage -I ktusr

[rootSktlinux ~]# chage -I ktusr

Last password change
Password expires

: Oct 03, 2011

:

never

Password inactive

never

Account expires

never

Minimum number of days between password change

Maximum number of days between password change
Number of days of warning before password expires

: 0
: 99999
: 7

[rootSktlinux ~]# |
Last password change: When the password was change last time.
Password expires: Password expiry date
y?
Password inactive: After password expiry grace period before the account gets locked.
Account expires: Date on which the account expires.
Minimum number of days b/w password change: once the password is changed, it cannot
be changed until a min period of specified date. [0] means never.
Max number of days b/w password change: After changing the password how long it will
be valid for.

Number of days of warning before password expires: start of warnings to change the
password, no. of days before the password expires.

Changing the password parameters:

Changing of the password parameters can be done by two ways.

1. #chage <user name >

2. #chage <optionxvaluexusername>

Let's see the first method and then the other.

To set the password parameters of a user "ktusr" to

Min password age: 2 days

Max password age: 7 days

Password expiration warnings: 2 days before password expires

Password inactive [-1]: 0 same day account is locked after password expiry.

A/Cexpiration date: 2011-12-31 (dec 31st 2011)

'1^

Page 100 of 274

www.kerrneltech.com

/5%

/^Sk

tfchage ktusr

[rootSktlinux -]# chage ktusr

Changing the aging information for ktusr
Enter the new value, or press FNTER for the default

Minimum Password Age [2]: 2

Maximum Password Age [7]: 7
Last Password Change (YYYY-WI-DD) [2011-10-03]:
Password Expiration Warning [2]: 2
Password Inactive [-1]: 0
Account Expiration Date (YYYY-MM-DD) [1969-12-31]|: 2011-12-31

[rootSktlinux -]# chage -I ktusr

Last password change
Password expires

Oct
Oct
Oct
Dec

Password inactive

Account expires

Minimum number of days between password change

Maximum number of days between password change
Number of days of warning before passv/ord expires

03,
10,
10,
31,

2011
2011
2011
2011

2
7
2

[rootSktlinux -]# |

The second method is for, if you want to change a particular field of password aging policy
#chage <option> <value> <username>
The options which can be used are as follows
-m for Min password age
-M for Max password age
-d for last time the password is changed.
-W Password expiration warnings
-I Password inactive [-1 means inactive).
-E A/C expiration date

Let's see how to change only the account expiration date

[rootSktlinux -]# chage -E 2812-1-5 ktusr
[rootSktlinux -]# chage -I ktusr
Last password change
Password expires

Oct 03, 2011

Oct 10, 2011

Password inactive

Oct 10,

Recount expires

Jan 05, 2012

Minimum number of days between passv/ord change

Maximum number of days betv/een password change
Number of days of warning before passv/ord expires

2011

2
2

[rootSktlinux -]# |
Likewise you can use any option listed above and change any particular field in password aging
parameters.

Page 101 of 274

www.kernieltech.com

.MWSH

/^ji

/^%

Deleting a User:

To delete a user the syntax used is

#userdel <usemame> it will only delete the user but home directory will be there. To delete
the user with its home directory use the following command.
#userdel -r < user name >
ttuserdel-r ktuser2

[rootSktlinux ~]# userdel -r ktuser2

[rootSktlinux -]# tree /home
/home

ktuser
- kernell
- kernel2
- kernel3
- kernel4
- kernels
ktusr
lost+found
visitor

/^ii\

4 directories, 5 files

[rootSktlinux ~]# |

/^k

We're now done with user administration, let's see what's in part-11
/^^

Page 102 of 274

www.kerrneltech.com

PART-ll GROUP ADMINISTRATION

GROUPS
JPN

Users areassigned to groups with unique group ID numbers (the GID)

The group name and GID are stored in /etc/group
Each user isgiven their own private group
They canalso be added to their groups to gain additional access

All users inagroup can share files that belong to the group

Each user isa member ofat least onegroup, called a primary group. In addition, a user can be a
member of an unlimited number of secondary groups. Group membership can be used to
control the files that a user can read and edit. For example, if two users are working on the
same project you might put them in the same group so they can edit a particular file that other
users cannot access.

A user's primary group is defined in the /etc/passwd file and_Secondary groups are defined
in the /etc/group file.

The primary group is important because files created by this user will inherit that group
affiliation.

Creating a Grouo with default ootions :

To create a group the syntax is

#groupadd <name for the group>

#groupadd ktgroup

[rootSktLinux Desktopj* groupadd ktgroup

[rootSktlinux Desktop]* tail /etc/group

stapdev:x:491:
stapusr:x:490:
sshd:x:74:

tcpdump:x:72:
slocate:x:21:
visitor:x:500:
ktuser:x:581:
named:x:25:
ktusr:x:503:

(fP^

lktqroup:x:504:|
[rootSktlinux Desktop]* |

Page 103 of 274

www.kerrneitech.com
0^

Creating a group with user specified group id (GID)

#groupadd <option> <name for the group>

#groupadd -g 595 ktgroup

Verify it in /etc/group
[rootSktlinux Desktop]* groupadd -g 595 ktgroup
[rootSktlinux Desktop]* tail /etc/group
stapdev:x:491:
stapusr:x:490:
sshd:x:74:

tcpdump:x:72:
slocate:x:21:
visitor:x:500:
ktuser:x:501:
named:x:25:
ktusr:x:503:

ktgroup:x:595j

[rootSktlinux Desktop]* |

Modifying the properties of the group

To modify the group properties the syntax js

#groupmod <option> <arguments> <group name>

The options are

-g to change the group id

-';-v

=K..,--I

-o to override the previous assigned id,if it matcheswith the new one.

-n

to change the group name

Changing the GID of the group

#grou pmod -g 600 ktgrou p

Verify it in /etc/group
[rootSktlinux Desktop]* groupmod -g 688 ktgroup
[rootSktlinux Desktop]* tail /etc/group
stapdev:x:491:
stapusr:x:490:
sshd:x:74:

tcpdump:x:72:
slocate:x:21:
visitor:x:500:
ktuser:x:501:
named:x:25:
ktusr:x:503:

ktgroup:x:600: |

[rootSktlinux Desktop]* |

Page 104 of 274

www.kerrneltech.com
/Sil

/9^

Changing the name of the group

The syntax for changing the group name is

ttgroupmod -n <new name > < existing name >

#groupmod -n kemelgrp ktgroup

[rootSktlinux Desktop]* groupmod -n kemelgrp ktgroup

[rootSktlinux Desktop]* tail -5 /etc/group
visitor:x:5O0:
ktuser:x:501:
named:x:25:
ktusr:x:503

kemelgrp :x: 600:

[rootSktlinux Desktop]*

Adding and Removing Members to a Group

Addingthe members to the group is to add users to the group. To add the members to the

group the syntaxes are

To add single user to the group
#usermod -G <group name > < user name>
#usermod-G ktgroup ktuser

[rootSktlinux Desktop]* usermod -G ktgroup ktuser

[rootSktlinux Desktop]* grep ktgroup /etc/group
ktq roup:x:680:ktuser]

[rootSktlinux Desktop]* |
Adding multiple single or multiple users to the group with various attributes
#gpasswd < option> orgumentsxgroup name>
Options:

-M For Adding Multiple users to a group

-A for Adding a group Administrator
-a for Adding a single user to a group
-d removing a user from a group

flgpasswd -M <user>,<user>,<user> <group>

#gpasswd-M ktuser2,ktuser3,ktuser4 ktgroup

[rootSktlinux Desktop]* gpasswd

[rootSktlinux Desktop]* tail -5

M ktuser2,ktuser3,ktuser4 ktgroup
/etc/group

ktusr:x:503:
ktuser2:x:601
ktuser3:x:504

ktuser4:x:505
ktg roup:x:600 :jktuser2, ktuser3,ktuser4

[rootSktlinux Desktop]* |
Page 105 of 274

www.kerrneltech.com

j$^

/3m

Adding a single user using gpasswd

#gpasswd -a ktuser ktgroup (verify it in /etc/group)

[rootSktlinux Desktop]* gpasswd -a ktuser ktgroup

Adding user ktuser to group ktgroup
[rootSktlinux Desktop]* grep ktgroup /etc/group
ktgroup:x:600:ktuser2,ktuser3,ktuser4Jktuserl

[rootSktlinux Desktop]* |
/mm

Making a user as a administrator

#gpasswd -A ktuser ktgroup (verify it in /etc/gshadow)

[rootsktunux Desktopj* gpasswd -A ktuser ktgroup

[rootSktlinux Desktop]* grep ktgroup /etc/gshadow

ktgroup: I: ktuserj: ktuser2, ktuser3, ktuser4, ktuser

[rootSktlinux Desktop]* |
Removing a user from the group
#gpasswd -d ktuser2 ktgroup
[rootSktlinux Desktop]* grep ktgroup /etc/group
ktgroup:x:600 :!Ktuser2i ktuser3, ktuser4, ktuser
[rootSktlinux Desktop]* gpasswd -d ktuser2 ktgroup
Removing user ktuser2 from group ktgroup
[ rootSktlinux Desktop]* grep ktgroup /etc/group
ktgroup:x:600 : ktuser3, ktuser4, ktuser

[ rootSktlinux

Desktop]* |

To add and remove groups use can also use the graphical tool in linux
#system-config-users &
H:~:'&*

Add User

hMp

dfe

Add Group

5&

Pf-operr.ls

Refresh

r^eiec

Help

Search filter: f~

Apply filter I

Users |^r>jpsj
User Name

User ID -- j Primary Group

visitor

SOO

ktuser

visitor

r*faLT>^8 ktuser

| Full Nome
visitor

Login Shell

Home Directory

/bin/bash

/home/visitor

/bin/bash

/home/ktuser

/bin/ bash

/home/ktusr

/bin/bash

/homc/ktuser2

ktusr

502

ktuser2

503

'\*ktuser2

ktuserS

504

ktuser3

/bin/ bash

/home/ktus era

ktuser-4

SbsT" ' "**"! ktuser*

/bin/bash

/ h o m e / k t u s er4

ktusr

/^^

Page 106 of 274

www.kerrneltech.com

/^i^

CONTROLLING ACCESS TO FILES

In this chapter we will be dealing with two things.

1. Special Permissions or Advanced Permission
/^ 2. Access Control List (ACL)

Let's first begin with Special Permissions

1. Special Permissions or Advanced Permission

There are three special permissions that can be assigned to a file or directory apart from
basic file permissions(rwx), they are

SUID-SETUSERID

SGID-SET GROUP ID

STICKY BIT
Permission

Symbolic Form

Numeric Form

Syntax

SETUID

s orS

#chmod u+s or #chmod 4766

SETGID

sorS

#chmod g+s or #chmod 2766

STICKY BIT

torT

#chmod o+t or chmod 1766

Note: Where s= setuid + execute permission and S= setuid only. Same is for SGID and also for
sticky bit.

SUID-SETUSERID

Change user ID on execution. If SETUID bit is set, when the file will be executed by a user, the
process will have the_35me_rjghts_as_the owner of thejjle being_executed. Many of the system
commands are the best example for SUID, basically the owner of the commands will be root,
but still a normal user can execute it-

Example

By default ping command is haying suid, so all users can run that command but if suid is
removed and a normal user wants to user execute it, then it will show 'operation not
permitted'

[rootSktlinux Desktop]* which ping

/bin/ping

[rootSktlinux Desktop]* Is -I /bin/ping

Frwslr-xr-x.

1 root root 41432 Jul 27

2010 HiHiWiCTiEl

[rootSktlinux Desktop]* I
Note: observe that in the permissions "-rwsr-xr-x" it contains an "s", which means SUID is
placed.

Let's remove suid on Ping command and logged in as normal user and check the results
[rootSktlinux Desktop]# chmod u-s /bin/ping
[rootSktlinux Desktop]* su - ktuser2
[ktuser2S!<tlinux ~]s ping 192.168.10.95
ping: icmp open socket: Operation not permitted
[ktuser2Sktlinux -]5 fl
Page 107 of 274

www.kerrneltech.coni

9
9

SGID-SET GROUP ID

Sgt group,ID. used on executable files to allow the file to be run as if logged into the group
(like SUID but uses file group permissions)
SGID can also be used on a directory so that every file created in that directory will have the

directory group owner rather than the group owner of the user creating the file:
Example

When a directory is created and its group is set to some group. Now if SGID is applied to it,
and the group member creates files and directory inside it, then it will get the same group
rather than getting user's primary group
Let's see it practically.

[rootSktlinux /]# mkdir ktsdir

[rootSktlinux /]# chgrp ktgroup ktsdir

[rootSktlinux /]# Is -Id ktsdir
drwxr-xr-x 2 rootl ktqrouol 4096 Oct

8 07:32 ktsdir

[rootSktlinux /]# chmod g+s ktsdir

[rootSktlinux /]# Is -Id ktsdir

drv/xr-GDr-x 2 root ktgroup 4096 Oct 8 07:32

[rootSktlinux /]# chmod go+w ktsdir

ktsdir

[rootSktlinux /]# su - ktuser3

[ktuser3Sktlinux -]$ cd /ktsdir
[ktuser3Sktlinux ktsdir]s touch file{1..5}
[ktuser3@ktlinux ktsdir]s Is -I

total 0
-rw-rw-r-- 1 ktuser3 ktgroup 0 Oct

8 07:34 filel

ktgroup
-rw-rw-r-- 1 ktuser3 ktgroup
-rw-rw-r-- 1 ktuser3 ktgroup

0 Oct

8 07:34 file2

Oct

8 07:34 file3

Oct

8 07:34 file4

-rw-rw-r-- 1 ktuser3 ktarouo 0 Oct

8 07:34 files

-rw-rw-r-- 1 ktuser3

[ktuser3@ktlinux ktsd ir]S |

Note: when a file is created by any user it will get the group as primary group of the owner
which is usually owner's private group with same name.

STICKY BIT

If sticky bit is applied on a file or directory, then only root and owner of that file or directory can
dejfitesit. Even if others are having full permissions they cannot delete the file or directory..

Let see it practically.

[rootSktlinux /]# chmod o+t ktsdir

[rootSktlinux /]# Is -Id ktsdir

h'rwxrv/srwtl 2 root ktgroup 4096 Oct 8 07:34 IB

[rootSktlinux /]# su - v/shr
[v/shrSktlinux -]$ cd /ktsdir
[wshrSktlinux ktsdir]s Is
filel

file2

file3

file4

file5

[wshrSktlinux ktsdir]$ rm filel

rm:

remove write-protected regular empty file 'filel'? y

rm: cannot remove 'filel':[Operation not permitted!

[v/shrSktlinux ktsdir]s 1
Page 108 of 274
www.kerrneltech.com
TT**,nni^

&

H*f

<Q\

2. Access Control List (ACL)

Define more fine-grained discretionarv,access rights for files and directories.

Often, you want to share files among certain groups and specific users. It is a good practice
to designate a directory for that purpose. You want to allow those groups and users to read,
and write files in that directory, as well as create new files into the directory. Such special

permissions can be given using ACL.

ACL can be applied on ACL enabled partition, that means you need to enable ACL while
mounting the partition.

Steps to implement ACL

Create a partition andjormat it with ext4fjle system

Mount a file system with ACL
Apply ACL on it.
Let's implement it practically.
Create a partition and format it with ext4 file system
[rootSktlinux ~]# parted -I /dev/sda
Model: VHware Virtual disk (scsi)
Disk /dev/sda: 53.7GB

Sector size (logical/physical): 512B/512B

Partition Table:
Number

msdos

File system

210MB

Type
primary
primary

ext4

4194MB

primary

linux-swap(vl)

Start

End

Size

1049kB

31.5GB

31.5GB

31.5GB

31.7GB

31.7GB

35.9GB

35.9GB

53.7GB

17.8GB

extended

35.9GB

36.4GB

534MB

36.4GB

36.9GB

535MB

logical
logical

36.9GB

37.5GB

535MB

37.5GB

38.0GB

535MB

Flags
Ivm
boot

linux-swap(vl)

logical
logical

[rootSktlinux ~]#| mkfs.ext4 /dev/sda7

mke2fs 1.41.12 (17-May-2010)
Mount it with ACL option
#mount -o acl /dev/sda7 /ktdir
If the partition is already mounted and you want add acl on it use following command
[rootSktlinux ~]# mount -o acl /dev/sda7 /ktdir
[rootSktlinux -]# mount
/var/named on /var/named/chroot/var/named type none (rw.bind)
sunrpc on /var/lib/nfs/rpcpipefs type rpc pipefs (rw)
/dev/sda2 on /boot type ext4 (rw)

/dev/mapper/vgktlinux-homelv on /home type ext4 (rw)

/dev/mapper/ktpart on /kernel type ext4 (rw)
r/dev/sda7 on /ktdir type ext4 (rv/.acDI

[rootSktlinux -]# |
PaRe 109 of 274

www.kerrneltcch.com

To make it permanent make following entry in /etc/fstab

ifdev/mapper/ktpart

/Kernel

ext4

r*dev/sda6

del aults

swaD

'dev/sda7

/ktdir

ext4

G 0

1.

'f -

o ofl

!f your partition already exists, then just add an ac! after defaults as shown above and use

the following command.

#mount-o remount/dev/sda7

Now check the default permission and acl permission on /ktdir

Sis-Id /ktdir

To check the acl permission syntax is

#getfacl <option> <dir/file name>

Options:
-d
Displays the default ACL

-R

Recurses into subdirectories

#getfacl /ktdir
[rootSktlinux -]# Is -Id /ktdir
drwxr-xr-x 3

root root 1024 Oct 10 02:42 /k tdir

[rootSktlinux -]# getfacl /ktdir

getfacl: Removing leading '/' from
#

file:

absolute path names

ktdir

# owner:

root

# group:

root

u s e r : : rv/x

group::r-x
other::r-x

Now let's assign full permission to the directory and then apply acl on it, so that we can
analyze how acl will work.

[rootSktlinux ~]# chmod 777 /ktdir

[rootSktlinux -]# Is -Id /ktdir
drwx rwxrwx 3 root

root

1024 Oct 10 02:42

[rootSktlinux -]# J

Okay, now we are ready to apply acl, but first lets understand the command and option in

The syntax to apply acl is

#setfacl <option> < argument > < file or directory name >

The options are,

-m Modifies an ACL

-x Removes an ACL

-R Recurses into subdirectories

details.

Page 110 of 274

www.kerrneltcch.coni

The possible arguments are

u: u s e r

g: group

o: others

Note: Whatever ACL permissions assigned to a user or group or others, it will be treated as
Normal Permissions minus ACL

To assign read and execute permission to a particular user the syntax could be
#setfacl -m u: <usemame>: <permissions> <file or dir name>

#setfacl -m u:ktuser: rx ktdir

Verify it by using getfacl command

[rootSktlinux ~]# setfacl -m u:ktuser:rx /ktdir

[rootSktlinux -]# getfacl /ktdir

getfacl: Removing leading '/' from absolute path names

file:

owner:

ktdir
root

group: root
u s e r : : rwx

|user:ktuser: r-x |
group:: rwx
mask::rwx
other::rwx

Now login as ktuser and try to create a file inside ktdir, as we have not assigned write
permission to ktuser, though it is having full permissions, still it will not allow ktuser to
create a file inside it.

[rootSktlinux ~]# su - ktuser

[ktuserSktlinux ~]s cd /ktdir
[ktuserSktlinux ktdir]$ touch filel
touch: cannot touch *filel': Permission denied

[ktuserSktlinux ktdir]s Is -Id /ktdir

drwxrwxrwT]3 root root 1024 Oct 10 02:42

[ktuserSktlinux ktdir]s j
Observe that when you check for the permissions it is showing a + sign after normal permission,
that indicate that ACL is applied on this directory.

Page ill of 274

www.kerrneltech.com

-<.

To assign read write and execute permission to a particular group

#setfacl -m g:<group name>:<permissions> <file or directory name>

#setfacl -m g:ktgroup:rwx /ktdir

[rootSktlinux /]# setfacl -m g: ktgroup: rv/x /ktdir

[rootSktlinux /]# getfacl ktdir

# file:

ktdir

# owner:

root

# group: root
user:: rv/x

user:ktuser:r-x
group: :rwx

group: ktgroup: rwx

mask::rwx

other:: rwx

Now you know how to apply acl on any file or directory, let me just give one more examples
which you can broaden your understandings.
Assigning read and execute permission for a user and a group at same time.
#setfacl-m u:ktuser:rx,g:ktgroup:rx/ktdir
[rootSktlinux /]# setfacl -m u:ktuser:rx,g:ktgroup:rx /ktdir
[rootSktlinux /]# getfacl ktdir
# file:

ktdir
r

owner:

root

# group: root
user:: rwx

|user: ktuser: r-x

group: :rwx

p roup: Ktgroup: r-x

mask: :rwx

other:: rwx

Likewise you can explore applying acl to any user, group, or others in many ways.
Removing acl for a particular user

#setfacl -x u:<usemame> <dir name>

#setfacl -x u:ktuser /ktdir

[rootSktlinux /]# setfacl -x u:ktuser /ktdir

[rootSktlinux /]# getfacl ktdir
# file:

ktdir

# owner:

root

# group: root
user: :rv/x

group: :rwx

group: ktgroup: r-x

mask:: rv/x
other:: rwx

Page 112 of 274

www.kerrneltech.com

/Wij&j,

p^

JP*

Removing acl for a particular group

#setfacl -x g:<group name><directory name>

#setfacl -x g: ktgroup /ktdir

[rootSktlinux /]# setfacl -x g:ktgroup /ktdir

[rootSktlinux /]# getfacl ktdir
# file: ktdir
# owner: root

# group: root
user:: rv/x

group::rwx
mask::rwx
other::rwx

Removing all ACL permissionsfrom a file or directory

#setfacl -b <dir name>

#setfacl-b /ktdir

"

As we have removed acl for a group and a user, let's apply back some acl on ktdir and remove
it using above command
/lp\

[rootSktlinux /]# setfacl -m u:ktuser:rx,g:ktgroup:rx /ktdir

[rootSktlinux /]# getfacl ktdir
# file: ktdir
# owner:

root

# group: root
user:: rwx

user:ktuser:r-x
group::rwx

group:ktgroup:r-x
mask::rwx
other::rwx

[rootSktlinux /]# setfacl -b /ktdir

[rootSktlinux /]# getfacl ktdir
# file: ktdir
# owner: root

# group: root
user:: rwx

group::rwx
other::rwx

[rootSktlinux /]#

ACL can also be applied to a file in exactly similar fashion aswe did for adirectory.
This part confirms the end of USER ADMINISTRATION

Page 113 of 274

www.kerrneltech.com

Network Configuration & Trouble Shooting

Networking:

It is a connection between t;wo or more rnachines to communicate with each other.

The basic requirements for Networking are:

1. NIC (Network Interface Controller or Card)

2.

Media

3. Topology
4.

Protocol

5.

IP Addresses

1.

NIC (Network Interface Controller or Card)

A network interface-controller (also known as a

:e card, network adapter,

LAN__adapter_and by similar terms) is a computer hardware component that connects a

computer to a computer network. Each NIC will be having a unique MAC addresses (Media
Access_flptrol address^to avoid conflicts between same NIC adapters. In Linux these NIC
adapter is represented by the word "eth". Example if there are two Ethernet adapters in the
system then it will be denoted as ethO, ethl, etc.
2.

Media

Media is the medium via which two different,computer^ NIC card will be connected. The

best example for media is Cable. Example RJ 45, CAT5 etc.

3.

Topology

Topology is the scherpj

iesignJn which the computers in the network will be connected

to each other. Example for topology is Bus, Ring, star, mesh, trg_topologies. The following
pictures explain it better.
^
i

a
^

Bus Network Topology Ring Network Topology $tar NetworkTopoIogy Mesh Network Topology

Tree Network Topology

Page 114 of 274

www.kerrneItccli.coni

4.

Protocol

Anetwork protocol defines^e^and conventions for communication between network

devices. Protocols for computer networking all generally use packet switching techniques to
send and receive messages in the form of_pockets.

Network protocols include mechanisms for devices to identify and make connections

with each other, as well as formatting rules that specify how data is pa^^edJDtojRessagos,

senj_and receiverljome protocols also support message acknowledgement and data

compression designed for reliable and/or high-performance network communication.

Hundreds ofdifferent computer network protocols have been developed each designed for
specific purposes and environments.

Example for Protocols are TCP/IP (Transmission Control Protocol), UDP (User Datagram
Protocol), HTTP. The most widely and regularly used protocols for transferring data are TCP
and UDP. Let's analyze some basic differences between TCP/IP and UDP.
UDP

User Datagram Protocol

It is connection Oriented

Connectionless

Reliable

Non-Reliable

TCP Acknowledgement will be sent/received

No Acknowledgement for UDP

Slow Communication

Faster Communication

Protocol Number for TCP is 6

Protocol Number for UDP is 17

HTTP, FTP, SMTP uses TCP

DNS, DHCP uses UDP

5.

TCP/IP
Transmission Control Protocol

IP ADDRESS

An IP address can be thought of as being similar to a phone number. Just as every person who
communicates with a telephone is using a phone with a unique phone number, every computer that

is on the Internet has a unique IP address. Not only on internet but within an organization every
computer is assigned an IP address so that they can communicate with each other. Basically IP
addressing is very deep concept. To understand the concept of IP address we need to understand
some important aspect of IP Address which is
IP Address Classes
Subnet mask

Gateway

The above concepts in IP Addressing are very important to understand networking clearly.

Page 115 of 274

www.kerrncltech.com

IP Address Classes

The IP addresses are further broken down into classes. These classes are A, B, C, D, E and their-possible
ranges can be seen in Figure below.
End

Start

Class

CIDR

Default subnet mask

Class A

0.0.0.0

127.235.255.255

255.0.0.0

Class B

128.0.0.0

19U55.255.255

255.255.0.0

/16

Class C

192.0.0.0

223.255.255.255

255.255.255.0

Class D (multicast)

224.0.0.0

239.255JJ55.255

Class E (reserved)

240.0.0.0

255.255255.255

*CIDR - Classless Inter-Domain Routing

* 127.0.0.0 to 127.255.255.255 is reserved for loopback address

Loopback

A special IP number (127.0.0.1), that is designated for the software loopback interface of a
machine, 127.0.0.0 Through 127.255.255.255 is also reserved for loopback and is used for
internal testing on local machines.
Multicast

Multicasting allows a single message to be sent to a group of recipients. Emailing,

teleconferencing, are examples or multicasting. It uses the network infrastructure and
standards to send messages.

Subnet Mask

A subnet mask allows users to identify which part of an IP address is reserved for the network
and which part is available for host use. By looking at the IP address alone, especially now with
classless inter-domain routing, users cannot tell which part of the address is which. Adding the
subnet mask or netmask gives users all the information needed to calculate network and host
portions of the address with ease. In summary, knowing the subnet mask can allow users to
easily calculate whether IP addresses are on the same subnet or not.

A commonly used netmask is a 24-bit netmask as seen below.

Netmask:

255.

255.

255.

Binary:

11111111

11111111

11111111

00000000

Netmask length

16

24

Page 116 of 274

www.kerrncltech.com

Gateway

Ajateway is a network point that provides entrance into another network. On the Internet, a

n_o.de-PX_stopping point can be either agateway node or a hostjend-point) node. Both the
cgmp'-'ter-s of jntprnet users and the computers that serve pages to users are host nodes. The
computers that control traffic within your company's network or at your local Internet service
provider (ISP) are gateway nodes.

For example let's say our network is 192.168. something and we want to

send a file to other computer on lO.lO.network, so we need a gateway to communicate

between two computers of different networks.

Some Important configuration files/directories of network configurations

#Zgt/sysconfigZnetwork-scripts is the directory which keeps the configuration of network

devices connected to the system.
[rootSktlinux network-scripts]# Is
ifcfg-ethu
ifcfq-lo

sdii
ifdown-post
ifdown-ppp

ifdown-bnep

ifdown-routes

ifdown-eth

ifdown-sit

ifdown-ippp
ifdown-ipv6

if down-tunnel

ifup-aliases
ifup-bnep
ifup-eth
ifup-ippp
ifup-ipv6
ifup
ifup-plip

ifup-plusb
ifup-post
ifup-ppp
ifup-routes
ifup-sit
ifup-tunnel
ifup-wireless

init.ipv6-global
net.hotplug
network-functions

network-functions-ipv6

fl/jJgAyS-CO_nfig/network is a file which keeps the information about the hostname assigned to
the system. If you want to change the hostname permanently, you need to change the
hostname in this file.

[rootSktlinux ~]# cat /etc/sysconfig/network

NETWORKING=yes
H0STNAME=ktlinux.kt.com

[rootSktlinux -]# |

#/etc/hosts a file which is responsible for resolving hostname into IP locally, in other word it
acts as local DNS if DNS server is not accessible.

[rootSktlinux -]# cat /etc/hosts

'

192.163.10.98

ktlinux.kt.com ktlinux # Added by NetworkManager

127.0.0.1

localhost.localdomain

::1

ktlinux.kt.com

localhost

ktlinux localhost6.localdomain6 locathost6

#/etc/reso.v.conf is a file which keeps the address of DNS server to which the clients will be

accessing to resolve IP to hostname and hostname to IP.

[rootSktlinux -]# cat /etc/resolv.conf

# Generated by NetworkManager

search kt.com

Inameserver 192.163.10.98 |

"

Page 117 of 274

www.kcnneltech.com

9
LAB WORK:-

To check the ip address assign to all the interfaces

#ifconfig

[rootSktlinux ~]# ifconfig

ethO

Link encap:Ethernet HWaddr 00:0C:29:3C:2F:1E

inet addr 192.168.10.98 Bcast:192.168.10.255

Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fe3c:2fle/64 Scope:Link

UP BROADCAST RUNNING MULTICAST

MTU:1500

Metric:1

RX packets:29686 errors:0 dropped: overruns: frame:0

TX packets:1366 errors: dropped: overruns: carrier:0
collisions: txqueuelen:100Q
RX bytes:2102329 (2.0 MiB) TX bytes:15431314 (14.7 MiB)
lo

Link encap:Local Loopback

inet addr:127.0.0.1

inet6 addr:

Mask:255.0.0.0

::1/128 Scope:Host

UP LOOPBACK RUNNING

MTU:16436

Metric:1

RX packets:252 errors: dropped: overruns: frame:

TX packets:252 errors: dropped: overruns: carrier:
collisions: txqueuelen:0
RX bytes:19656 (19.1 KiB) TX bytes:19656 (19.1 KiB)
To chech the ip of a particular interface
tfifconfig < adapter name >

#ifconfig ethO
[rootSktlinux -]# ifconfig eth
Link encap:Ethernet HWaddr 0O:0C:29:3C:2F:15
eth
inet addr:192.168.10.98

Bcast:192.168.10.255

9
Mask:255.255.255.6

inet6 addr: fe80::20c:29ff:fe3c:2fle/64 Scope:Link

UP BROADCAST RUNNING MULTICAST

MTU:1500

Metric:1

RX packets:36560 errors: dropped: overruns: frame:

TX packets:378Q errors: dropped: overruns: carrier:

collisions: txqueuelen:100Q

RX bytes:2550422 (2.4 MiB)

TX bytes:24606368 (23.4 MiB)

To check the hostname of the system.

#hostname

[rootSktlinux ~]# hostname

ktlinux.kt.com

To check ip of the host

#hostname -i

[rootSktlinux -]# hostname -i

192.168.10.98 127.0.0.1

Page 118 of 274

www.kerrneltech.com

To check whether DNS is resolving or not

#host< ip address >
#host 192.168.10.95

[rootSktlinux -]# host 192.163.10.98

98.10.168.192.in-addr.arpa domain name pointer linux.kt.com
#host <hostname>
#host ktlinux.kt.com

[rootSktlinux ~]# host ktlinux.kt.com.

ktlinux.kt.com has address 192.163.10.93

Same with "nslookup" command

#nslookup < ip address >
ffnslookup < hostname >

f^

\>m

[rootSktlinux -]# nslookup 192.163.10.98

Server:

192.168.10.98

Address:

192.168.10.98#53

98.10.168.192.in-addr.arpa
98.10.168.192.in-addr.arpa

name =

kt.com.

name = linux.kt.com.

[rootSktlinux -]# nlookup ktlinux.kt.com

bash: nlookup: command not found

[rootSktlinux ~]# nslookup ktlinux.kt.com

Server:

192.168.10.98

Address:

192.168.10.98#53

Name:

ktlinux.kt.com

Address:

192.168.10.98

The most common command used to check DNS functionjs "dig"

#dig<hostname>
[rootSktlinux ~]# dig ktlinux.kt.com
:< DiG 9.7.0-P2-RedHat-9.7.0-5.?2.el6 ktlinux.kt.com

global options: +cmd

Got

answer:

-HEADER- opcode: QUERY, status: N0ERR0R, id: 11898

flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

; ; QUESTION SECTION:
;ktlinux.kt.com.

IN

;; ANSWER SECTION:
ktlinux.kt.com.

10800

;; AUTHORITY SECTION:
ktlinux.kt.com.

10300

192.158.10.98

IN

NS

ktlinux.kt.com.

Page 119 of 274

www.kerrneltech.com

L.

*<*Q

With ip address
#dig -x <ip address>

\?

f-

9
9

#dig-x 192.168.10.98
[rootSktlinux -]# dig -x 192.163.10.98

; <o> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 -x 192.163.10.98

;; global options: +cmd

;; Got answer:

;; -HEADER- opcode: QUERY, status: NOERROR, id: 4532

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: lf ADDITIONAL: 0

;; QUESTION SECTION;!

;98.10.168.192.in-aftdr.arpa.

IN

PTR

;; ANSWER SECTION:

98.10.168.192.in-addr.arpa. 10800 IN
98.10.168.192.in-addr.arpa. 10300 IN

PTR

linux.kt.com.
kt.com.

NS

linux.kt.com.

PTR

;; AUTHORITY SECTION:

10.168.192.in-addr.arpa. 10300

IN

Checking network connectivity using ping command

#ping < ip address >
#ping 192.168.10.95
[rootSktlinux -*]# ping 192.168.10.95
PING 192.168.10.95 (192.163.10.95) 56(84) bytes of data.
64 bytes from 192.168.10.95 icmp seq=l ttl=64 time=0.115
64 bytes from 192.168.10.95 icmp_seq=2 ttl=64 time=Q.140
64 bytes from 192.168.10.95 icmp_seq=3 ttl=64 time=0.099
64 bytes from 192.168.10.95 icmp seq=4 ttl=64 time=0.111
64 bytes from 192.168.10.95 icmp_seq=5 ttl=64 time=Q.ll

9
ms
ms
ms
ms

ms

AC

--- 192.168.10.95 ping statistics --5 packets transmitted, 5 received, 0% packet loss, time 4431ms

rtt min/avq/max/mdev = 0.099/0.115/0.140/0.013 ms

Note: use Ctrl + c to stop pinging.

To limit the pinging for specific number of counts

#ping -c <counts> <ip address>
#ping -c 2 192.168.10.95

[rootSktlinux ~]# ping -c 2 192.168.10.95

PING 192.168.10.95 (192.168.10.95) 56(84) bytes of data.
64 bytes from 192.168.10.95: icmp_seq=l ttl=64 time=0.10 ms

64 bytes from 192.168.10.95: icmp_seq=2 ttl=64 time=0.106 ms

--- 192.168.10.95 ping statistics --2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = Q.100/0.103/0.106/0.003 ms

Page 120 of 274

vvww.kernieitecli.com

9
9

Changing the hostname

Check the current hostname with hostname command

The syntax for changing the hostname is

#hostname <new name>
#hostname kernellinux.kt.com

rootSktlinux -]# hostname

ktlinux.kt.com

[rootSktlinux -]# hostname kernellinux.kt.com

[rootSktlinux -]# hostname
kernellinux.kt.com

[rootSktlinux -]# |
Note: The above change is temporary and will be last only till you are logged in, if you want to

change it permanently edit the /etc/sysconfig/network file and then logout and login to
confirm the change.

'
J

#vim /etc/sysconfig/network delete the previous hostname and add the new name.
NETV/ORKING=yes
HOSTNAME=kernellinux.kt.com

Now logoff and logon and check the hostname

l|root(ckernelLinux H# hostname
kernellinux.kt.com

[rootSkernellinux ~]# ]
Note: Once you logout and login again the change will be permanent, observe the highlighted
region above.
Assigning /Changing the IP Address
Steps for changing the IP Address.

_To_cJiajige-lheJP_Address-use-the following utilily

y#setup or #system-config-networkj

It will open a texfbase utility follow the steps below and change the ip address
Restart the network service to apply the changes

Make the network service starts after reboot.

Let's begin with setup

#setup
j Choose a Tool (
Authentication configuration

Firewall configuration
Keyboard configuration
Network configuration
RHN Register
System services

v-rS^v, j

.. ,-^6

Page 121 of 274

www.kerrneitech.com

Move the cursor to Network configuration and press Enter

1 Select r ction |

Device

configuration^

DNS configui ation

- ..:-'<:.'

\
1

\
1

Save&Quit

i
1-

IIbIi
w

M-...,

Move the cursor to Device configuration and press Enter

Note: If system-config-network command is used, it will directly take you to above position.

-j Select A Device jethQ (ethO) - VMware VMXNET3 Ethernet Controller

<New Device>

Now select the NIC adapter i.e. ethO and press Enter

Network Configuration

Name

Device
Use DHCP
Static IP

isk

Default gateway IP
Primary DNS Server
Secondary DNS Server

192.163.10.93

eH
Assign the above ip address and other details as per your requirement, move the cursor to
"OK" and press Enter

Page 122 of 274

www.kernieltech.com

; Select A Device j
etho (ethO) - v-l,ri-e vmxnetj Ethernet Controller

Move the cursor to "save" to save the changes in device configuration and press Enter.

Select Action

peyice configuration
DNS configuration

Once again move the cursor to "Save&Quit" button and press Enter

1 Choose a Tool |
Authentication configuration
Firewall configuration
Keyboard configuration
Network contiquration-:
RHN Register
System services

Finally Move the cursor to "Quit" button and Press Enter to quit the utility.
Page 123 of 274
www.kerrneltech.com

Now restart the network service and check for the ip address
^service network restart

If the change is not reflected with above service restart, restart the networkjnanager
^service NetworkManager restart (N and M are case sensitive)
[[email protected] Desktopj# service network restart
Shutting down interface ethO: Device state: 3 (disconnected)

Shutting down loopback interface:

Bringing up loopback interface:

OK

[
[

OK
OK

]
]

Bringing up interface ethO:

Active connection state: activated
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/1
[

OK

[root(6kernellinux Desktop]* service NetworkManager restart

Stopping NetworkManager daemon:
[
Setting network parameters...
[

ok

OK

[ OK

Starting NetworkManager daemon:

[root(2kernellinux Desktop]* ifconfig ethO

ethO
Link encap:Ethernet HWaddr 0:0C:29:3C:2F:IE
inet addrU92.168.10.981 Bcast:192.168.10.255

Mask:255.255.255.0

inet6 addr: feSO::20c:29ff:fe3c:2fle/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:!
RX packets:72158 errors:0 dropped:0 overruns:0 frame:0
TX packets:17208 errors: dropped: overruns: carrier:0
collisions: txqueuelen:10QQ
RX bytes:4877336 (4.6 MiB) TX bytes:73419371 (70.8 MiB)

9
9

The above picture confirms that we have successfully assigned an IP address to a machine.
You can also check the functioning of newly assigned IP address by pinging it from other

machines in the network.

If it is not pinging from outside then check whether the cable is connected properly or

not.

If the server is in the remote location use #mii-tool to check whether the cable is
connected or not

ethO: neqotiatecl lOObaseTx-FD, link ok

To Know more about the NIC card/adapter use

#ethtool odapter name>

[rootOkernellinux

Settings

-for

Desktop]**

ethtool

ethO

ethO :

Supported
Supported

9
9

[root@kernellinux]# mii-tool

ports:
[ TP
"Link modes:

]
lOOObaseT/Full
lQOOObaseT/Full

Supports auto -negotiation:

No
A d v e r t i s e d l i n k modes:
Not
reported
Advertised pause frame use:
No

Advertised

auto-negotiation:

No

Speed:
lG0O0Mb/s
Duplex:
Full
Port:

Twisted

PHYAD:

Pair

Transceiver:

internal

Auto - n e g o t i a t i o n :
HDI-X:

Supports

Wake-on:

Wake-on:

Link

off

Unknown

tiet <s c t '/ <i :

v e s

uag

This sums up the Networking Chapter

Page 124 of 274
www.kerrneltccli.com

9
9

MANAGING SELINUX (BASICS OF SELINUX)

Basic SELinux Security Concents

SELinux is a security enhancement to Linux that allows users and administrators more

control over which users and applications can access which resources, such as files.

Standard Linux access controls, such as file modes (-rwxr-xr-x) are modifiable by the
user and applications that the user runs, whereas SELinux access controls ajp

determined by a policy loaded onjhe system and not changeable by careless users or
misbehaving applications.

SELinux also adds finer granularity to access controls. Instead of only being able to
specify who can read, write or execute a file, for example, SELinux lets you specify who
can unlink, append only, and move a file and so on. SELinux allows you to specify access
to many resources other than files as well, such as network resources and inter-process
communicationjipc).

SELinux provides a flexible Mandatory Access Cantml (MAC) system built into the Linux

kernel. Under standard Linux Discretionary Access Control (DAC), an application or

process running as a user (UID or SUID) has the user's permissions to objects such as

files, sockets, and other processes. Running a MAC kernel protects the system from
malicious or flawed applications that can damage or destroy the system. The following
picture explains more detailed about both Access controls.

Discretionary Access Control

Once a security exploit gains access to

priveleged system component, the
entire system is compromised.

Mandatory Access Control

Kernel policy defines application

rights. FirewaBing applications from
compromising the entire system.

Page 125 of 274

wwvy.kerrneltech.com

The SELinux Decision Making Process

When a subject, (for example, an application), attempts to access an object (for
example, a file), the policy enforcement server in the kernel checks an access vector
cache (AVC), where subject and object permissions are cached. If a decision cannot be
made based on data in the AVC, the request continues to the security server, which
looks up the security_context of the application and the file in a matrix. Permission is
then granted or denied, with an avc: denied message detailed in /var/log/messages if
permission is denied. The security context of subjects and objects is applied from the
installed policy, which also provides the information to populate the security server's
matrix.

Action

Request

Permission
Granted ?

feq:read)

No

SELinux

Policy
Database

Important SELinux configuration Files

/etc/selinux/config is the main configuration file of SELinux.

/etc/sysconfig/selinux contains a symbolic link to the actual configuration file,
/etc/selinux/config.
Note: If you want to turn on or off the SELinux security you need to make changes in the main

configuration file i.e. /etc/seiinux/config file. Well we'll see it later in this chapter.
[rootSktlinux ~]# cat /etc/selinux/config
7 This file controls the state of SELinux on the system.
7

SELINUX=

can take one

of these three values:

t
enforcing - SELinux security policy is enforced.
7
permissive - SELinux prints warnings instead of enforcing.

disabled - Mo SELinux policy is loaded.

ScLINUX=enforcing
7

7
7

SELINUXTYPE= can take

one of these

two values:

targeted - Targeted processes are protected,

mis - Multi Level Security protection.

SELINUXTYPE=targeted
Page 126 of 274

v.kerrneltech.com

Modes of SELinux

* There are three modes in which SELinux can be at a time, theyare

Enforcing, Permissive and Disabled
Enforcing

Enable and enforce the SELinux security policy on the system, denyingaccess and
logging actions

Permissive

Permissive mode is similar to Debugging Mode. In Permissive Mode, SELinux policies and
rules are applied to subjects and objects, but actions ( for example, Access Control denials)
are not affected. The biggest advantage of Permissive Mode is that log files and error
messages are generated based on the SELinux policy implemented.
Disabled

SELinux is turned off and no warn and log messages will begenerated and stored.

Booleans

Booleans are variables that can either besetas trueorfalse^ Booleans e_nhanc_ihe effect of
SELinux policies by letting the system administrator finetune a policy. Apolicy may protect
a certain daemon or service by^agplying various access coj^rol^mlps |n real world scenarios,
a system administrator would not like to implement all the access controls specified in the
DO liny.

SELinux Policy

The SELinux Policy is the set of rules that guide the SlLinjJx.seaLrJiy_engine. It defines types
for file objects and domains for_prorpss5.. It uses roles to limit the domains that can be

entered, and has user identities to specify the roles that can be attained. In essence, types
and domains ar^equjyalent, the difference being that types apply to objects while domains
apply to processes.
SELinux Context

Processes and files are labeled with a SELinux context that contains additional information,
such as a SELinux user, role, type, and, optionally, a level.

Page 127 of 274

www.kerrneltech.com

9
LAB WORK:-

To check the SELinux Mode

trgetenforce

[rootSktlinux ~]# getenforce

Enforcing

[rootSktlinux ~]# |
#sestatus

[rootSktlinux -*]# sestatus

enabled

SELinux status:

SELinuxfs mount:

/selinux

Current mode:

enforcing

Mode from config file:

Policy version:
Policy from config file:

entorcmg
24

targeted

[rootSktlinux ~]# j
Display the SELinux context of a file or directory.
To display the context of a file the syntax is
#ls-Z<filename>

[rootSktlinux -]# Is
anaconda-ks.cfg
Desktop

Documents
Downloads

^___^_^
install.log
I ktfile I Pictures
install.log.syslog Music
Public

Templates
Videos

[rootSktlinux ~]# Is -Z ktfile

-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 ktfile

[rootSktlinux -]# |
To display the context of a directory the syntax is

#ls -IdZ <directory name>

[rootSktlinux -]# Is -IdZ Documents

drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:sO Documents

[rootSktlinux -]# |

9
9

Displaying the SELinux Context of a Process

To display the context of a process running in the system, the syntax is
#ps -efZ | grep <process name>
#ps-efZ | grep http

iroot(cKUinu:< -J# ps -er/ [grep nttp

unconfined_u:unconfined_r:unconfined_t:5O-sQ:c0.clQ23 root 24940 19112 0 17:37 pts/0

ep http

[rootSktlinux -]# ]

_______
Page 128 of 274

www.kerrncltech.com

9
9

Changing the SELinux Context of a file or directory

> To change the context of the file the steps are
Check the existing context of the file by
#ls-ldZ<filename>

[rootSktlinux -]# Is -IdZ ktfile

-rw-r--r--. root root unconfined u:object r:admin home t:sO ktfile

Observe that the type is admin_home_t, let's change it to public_content_t, so that it will be
available for all users.

To change the context of a file or directory the syntax is

#chcon -t <argument> <file/dir name>
#chcon -t public_content_t ktfile

I rootSktlinux ~J# chcon -t public_content_t kttile

[rootSktlinux -]# Is -IdZ ktfile

-rw-r--r--. root root unconf inedu: obj ectr :|public_content_t | sO ktfile

[rootSktlinux ~]# |

'

To change the context for a directory and its contents

Check the context of both directory and its contents

[rootSktlinux ~]# Is

IdZ ktdir
root root systemu:obj ectr:adminhomet:s0 ktdir
[rootSktlinux ~]# Is IZ ktdir

drwxr-xr-x.

-rw-r--r--.

root

root

system_u:object_r:admin_home_t:sO filel

-rw-r--r--

root

root

-rw-r--r--

root

root

systemu:obj ectr:adminhomet:s0 file2

system u:object r:admin home t:s0 file3

-rw-r--r--

root

root

systemu:object_r:adminjiomet:sO file4

-rw-r--r--

root

root

system u:object r:admin home t:s0 file5

[rootSktlinux ~]# I

To change the context for a directoryand its contents, the syntax is

#chcon -R -t <argument > <dir name>
#chcon -R -t public_content_t ktdir
[rootSktlinux ~]# chcon -R -t public contentt
[rootSktlinux -]# Is -IdZ ktdi r

drwxr-xr-x. root root systemjj :object_r:public

ktdir

content t:sO ktdir

[rootSktlinux ~]# Is -IZ ktdir

-rw-r--r--. root root systemu :object_r:public content_t:sG filel
-rw-r--r-root root system u :object_r:public content_t:sO file2
-rw-r--r-root root system_u :object_r:public content_t:sO file3
-rw-r--r-root root system u :object_r:public content_t:sO file4
-rw-r--r-root root systemu :object npublic content t:s0 files

rootSktlinux ~]# I

Page 129 of 274

www.kerrneltech.coin

Restoring back the modified SELinux context to its default value

To restore the modified/changed SELinux context of a file to its default form, the syntax is
flrestorecon-v <filename>
#restorecon -v ktfile

[rootSktlinux ~]# Is -IdZ ktfile

-rw-r--r--. root root unconfinedu;objectr [publiccontenttj: s8 ktfile

[rootSktlinux -]# restorecon -v ktfile

restorecon reset /root/ktfile context unconfined_u:object_r:public_content_t:s0->systera_u:object

r:admin home t:sO

[rootSktlinux -]# Is -IdZ ktfile

-rw-rr--. root root systesi_u:object_r admin

home

sB ktfile

[rootSktlinux ~]# |
To restore back the same of a directory with its contents, the syntax is
#restorecon -Rv <dir name >
tfresotrecon-Rv ktdir

N-->

drwxr-xr-x. root root system u:object rrpublic content t:s8 ktdir

[root@ktlinux ~]# Is -IZ ktdir

-rw-r--r--. root root systenMi:object_r:public_content_t:s8 filel
root root systeffl_u:object_r:public_content_t:s8 file2
-rw- r- -r-rw- r- -r-rw- r- -r-

-rw- r- -r-

root root systeflfu:object_r:public_content_t:s8 file3

root root systesi_u:object~r:public_content_t:s8 file4
root root systeo_u:object_r:public~content_t:s8 files

[rootSktlinux -]# restorecon -Rv ktdir

restorecon reset /root/ktdir context systemji:objectj":pubUcj:ontent_t:se->system_u:object_r:adin

in_home_t:s8

restorecon reset /root/ktdir/file4 context systemu:object_r:public_content_t:s6->systein_u:object

r:admin_home_t:s8

restorecon reset /root/ktdir/file3 context system_u:object_r:public_content_t:s8->system_u:object

r:admin_hoine_t:se

restorecon reset /root/ktdir/filel context systemu:object_r:public_content_t:s8->systera_u:object

_r:adrain_honie_t:s8

restorecon reset /root/ktdir/file5 context system_u:object_r:public_content t:s8->system_u:object

_r:admin_hoaie_t:s8

restorecon reset /root/ktdir/file2 context systemu:object_r:public_content_t:se->system_u:object

r:admin_home_t:s8

Iroot@ktlinux ~J# Is -IdZ ktdir

drwxr-xr-x. root root system_u:object_r:admin_home_t:s8 ktdir
[rootSktlinux ~]# Is -IZ ktdir

-rw-r--r--. root root system_u:object_r:adrain_honie_t:s8 filel

-rw-r--r--. root root systefn~u:object_r:adrain_home_t:s8 file2

-rw-r--r--. root root systen_u:object_r:adrain_home_t:s8 file3
-rw-r--r--. root root systera_u:object_r:adrain_home_t:s8 file4

-rw-r--r--. root root system u:object'r:admin home t:s8 files

Note: For restoring the context of only the dir except its contents do not add

'R"

in the

command.

Page 130 of 274

www.kerrneltech.com

Changing the Modes of SEIinux

To change the mode of SEIinux the syntax is

#setenforce <option>

Options used are 0 or 1 (Where 0 means Permissiveand 1 means Enforcing)

To change the SELinux Mode to permissive

#setenforce 0

Verify it by getenforce or sestatus command.

[rootSktlinux ~]# getenforce

Enforcing
[rootSktlinux ~]# setenforce 9
[rootSktlinux ~]# getenforce
Permissive

[rootSktlinux -]# sestatus

SELinux status:
SELinuxfs mount:
Current mode:

enabled

/selinux

|permissivel

Mode from config file:

Policy version:
Policy from config file:

\ >->'

enforcing
24

targeted

[rootSktlinux -]# |
To change the SELinux Mode back to Enforcing mode
#setenforce 1

Verify the change

[rootSktlinux ~]# getenforce

Permissive

[rootSktlinux ~]# setenforce

[rootSktlinux ~]# getenforce

Enforcing
[rootSktlinux ~]# sestatus
SELinux status:
SELinuxfs mount:
Current mode:

Mode from config file:

Policy version:
Policy from config file:

enabled

/selinux

^enforcing |
enforcing
24

targeted

[rootSktlinux ~]# |

Page 131 of 274

wwiv.kerrneltech.com

Disabling and Enabling the SELinux Security

To disable the SELinux protection or to change it to disabled Mode
Edit the /etc/selinux/config file and change SELINUX=disabled

Whenever changing the mode of SELinux from Enforcing/Permissive to Disabled or

Disabled to Permissive/Enforcing, you need to restart the system so that the changes can
take effect.

First check the current status of SELinux and the configuration file.
[rootSktlinux -]# getenforce
Enforcing
[rootSktlinux ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#
#
#

enforcing - SELinux security policy is enforced.

permissive - SELinux prints warnings instead of enforcing.
disabled - No SELinux policy is loaded.

SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
//^5\

#
targeted - Targeted processes are protected,
#
mis - Multi Level Security protection.
SELINUXTYPE=targeted
Now, edit the configuration file, restart the computer and check the status.
#vim /etc/selinux/config

#init 6 (to reboot the system)

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:

#
#

enforcing - SELinux security policy is enforced.

permissive - SELinux prints warnings instead of enforcing
dl^hled - is o SELinux policy is loaded.

^ELINUX=disabled]
^j|

# SELINUXTYPE= can take one of these two values:

#
targeted - Targeted processes are protected,
#
mis - Multi Level Security protection.
SELINUXTYPE=ta rgeted
[rootSktlinux ~]# getenforce
Disabled

[rootSktlinux ~]# sestatus

SELinux status:

disabled

[rootSktlinux ~]# |
To Enable it back the procedure is exactly same as above, instead of SEUNUX=disabled change
it to SELINUX=enforcing or permissive. Don't forget to restart the system, unless the system is
rebooted the changes will not take effect.

Page 132 of 274

www.kerrneltech.com

tm