Redhat Linux Course RHCSA Certification - Admin I & II: Mina Bahgat

This document provides information about managing users and groups in Red Hat Linux. It discusses commands for viewing user accounts (/etc/passwd and /etc/shadow files), adding users (useradd), modifying users (usermod), changing passwords (passwd), deleting users (userdel), and managing groups. It also covers topics like UID ranges, user default shells, password aging parameters, and locking/unlocking accounts.

Redhat Linux Course

RHCSA Certification -- Admin I & II


Getting Started with Linux.

Mina Bahgat
10 October 2019
Email: [email protected]

https://www.facebook.com/cspcourses/

https://www.linkedin.com/company/14026146/
Contents

RHCSA Guide 3
User/Group Management 3
File System 10
vi <File_name> 29
Labs 53
One 53

RHCSA Guide
General command syntax: command -option arg_1 arg_2
Several commands can be chained on one line with ; (for example: mkdir glob ; cd glob).
No news is good news: most commands print nothing when they succeed and only report errors.

User/Group Management
Every process (running program) on the system runs as a particular user. Every file is
owned by a particular user. Access to files and directories is restricted by user. The user
associated with a running process determines the files and directories accessible to that
process.
cat /etc/passwd
- Description: List all the users on the system.
[root@orange ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
……………………………..

The seven fields of each entry in the passwd file, separated by colons:


1. Username
2. Password – always x (the password hash itself is kept in /etc/shadow)
3. UID
4. GID – primary group ID
5. Comment
6. Home directory
7. Default shell
NB:
root:x:0:0:root:/root:/bin/bash
root::0:0:root:/root:/bin/bash → if the 'x' is removed (the field is left empty), the user can
log in without a password.
Accounts whose shell is /sbin/nologin are most commonly service accounts; they cannot open an
interactive login shell.
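The three checks below apply the passwd-field rules above to a constructed /etc/passwd excerpt: they flag an empty password field, any UID 0 account other than root, and malformed lines. This is an added example, not code from the course notes; the sample accounts (secondroot, guest) and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed /etc/passwd excerpt (not from a real host). The last two lines are
# deliberately wrong: "secondroot" has UID 0, and "guest" has an empty password field.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
mina:x:2002:2003::/home/mina:/bin/bash
secondroot:x:0:0::/root:/bin/bash
guest::1001:1001::/home/guest:/bin/bash'

# audit_passwd reads passwd-format lines on stdin and prints one finding per
# bad line as "<check> <username>":
#   bad-fields     - not exactly seven colon-separated fields
#   empty-password - field 2 empty, so the account logs in without a password
#   extra-uid0     - UID 0 (superuser) on an account that is not root
audit_passwd() {
    awk -F: '
        NF != 7                 { print "bad-fields " $1; next }
        $2 == ""                { print "empty-password " $1 }
        $3 == 0 && $1 != "root" { print "extra-uid0 " $1 }
    '
}

# count_findings returns the number of findings for the passwd text in $1.
count_findings() {
    printf '%s\n' "$1" | audit_passwd | wc -l | tr -d ' '
}

# Demonstration on the constructed sample.
# On a real host run:  audit_passwd < /etc/passwd
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

On the sample this prints `extra-uid0 secondroot` and `empty-password guest`. The structural part of the check (field count) is what shadow-utils' `pwck` performs on a real system; the two security checks are worth running after any hand edit of /etc/passwd.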
--------------------------------------------------------------------------------------------------
cat /etc/shadow
- Description: List all the users on the system with their password hashes and password-aging
fields (the file is readable only by root).
[root@orange ~]# cat /etc/shadow
root:$6$ZcDFr1ikUx/ZQ312$dgPdk.OjKJ8rN25elrV.AuEhD.MGbWfsP5TUnKzYQns1Q1tYGnfcX0MT6
ALdS1FZmNDmPCP9R1OpdGceRhWW50:17303:0:99999:7:::
bin:*:16231:0:99999:7:::
daemon:*:16231:0:99999:7:::
adm:*:16231:0:99999:7:::
lp:*:16231:0:99999:7:::

The password hash field has three parts, separated by $ signs:


1. The id number → indicates the hashing algorithm: 1 = MD5, 6 = SHA-512.
2. The salt → a random value combined with the password before hashing, so that two users
with the same password get different hashes.
3. The hash itself.

The root user can select the algorithm with authconfig --passalgo=<md5|sha256|sha512> --update.

https://www.facebook.com/groups/438225846919019/
The shadow file fields are:
1. Username
2. The hashed password
3. The date of the last password change, represented as the number of days since
1970.01.01.
4. The minimum number of days before a password may be changed, where 0 means "no
minimum age requirement."
5. The maximum number of days before a password must be changed.
6. The warning period before a password expires, in days, where 0 means "no warning
given."
7. The number of days an account remains active after a password has expired. A
user may still log in to the system and change the password during this period.
After the specified number of days, the account is locked, becoming inactive.
8. The account expiration date, represented as the number of days since
1970.01.01.
9. This blank field is reserved for future use.
--------------------------------------------------------------------------------------------------
chage

grep apicom /etc/shadow → this file contains the password hash as well as the
password-aging parameters that chage edits.
chage -M 99999 username → maximum number of days before the password must be changed.
chage -m 2 username → minimum number of days before the password may be changed again.
chage -W 2 username → number of days before expiry at which the system starts warning the
user that the password will expire.
chage -d 0 username → forces a password change at the next login (sets the last-change date to 0).
chage -l username → lists the current settings of username.
chage -E YYYY-MM-DD username → expires the account on a specific day.
date -d "+45 days" → calculates a date in the future (useful for -E).
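The parser below ties together the three passages above: the $id$ prefix of the hash, the nine shadow fields, and the aging values that chage sets. It evaluates a constructed /etc/shadow excerpt against a reference day and reports, per account, the algorithm, whether the account is locked, must change its password, is in its grace (inactive) window, or is expired. This is an added example, not code from the course notes; the account names, the placeholder hash strings and the function names are assumptions.

```shell
#!/bin/sh
# Constructed /etc/shadow excerpt (not from a real host; the hash strings are
# placeholders, not real hashes). Field order:
#   name:hash:lastchange:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='root:$6$SALTPLACEHOLDER$HASHPLACEHOLDER:17303:0:99999:7:::
bin:*:16231:0:99999:7:::
alice:$6$SALTPLACEHOLDER$HASHPLACEHOLDER:17900:2:45:7:::
bob:!$6$SALTPLACEHOLDER$HASHPLACEHOLDER:17900:0:99999:7:::
carol:$1$SALTPLACE$HASHPLACEHOLDER:17000:0:30:7:5::
dave:$6$SALTPLACEHOLDER$HASHPLACEHOLDER:0:0:99999:7:::'

# shadow_status reads shadow lines on stdin and prints, per account,
#   "<name> <algorithm> <state> <days_left>"
# evaluated against $1, the reference day as days since 1970-01-01 (the same
# unit as field 3). States: locked (hash starts with ! or *), must-change
# (last change 0, which is what chage -d 0 sets), expired (past max + inactive),
# grace (past max but still inside the inactive window), ok.
shadow_status() {
    awk -F: -v today="$1" '
    {
        name = $1; hash = $2; last = $3 + 0; max = $5; inact = $7
        h = hash; sub(/^!+/, "", h)                 # look past a lock marker
        if      (substr(h, 1, 3) == "$6$") algo = "sha512"
        else if (substr(h, 1, 3) == "$1$") algo = "md5"
        else if (h == "*" || h == "")      algo = "none"
        else                               algo = "other"
        age  = today - last
        left = (max == "") ? 99999 : max - age      # negative when overdue
        if      (hash ~ /^[!*]/)                                  state = "locked"
        else if ($3 == "0")                                       state = "must-change"
        else if (max != "" && inact != "" && age > max + inact)   state = "expired"
        else if (max != "" && age > max)                          state = "grace"
        else                                                      state = "ok"
        print name, algo, state, left
    }'
}

# state_of returns only the state of account $1 in SAMPLE_SHADOW on day $2.
state_of() {
    printf '%s\n' "$SAMPLE_SHADOW" | shadow_status "$2" | awk -v n="$1" '$1 == n { print $3 }'
}

# Demonstration: evaluate the sample as of day 17950.
# On a real host (as root):  shadow_status "$(( $(date +%s) / 86400 ))" < /etc/shadow
printf '%s\n' "$SAMPLE_SHADOW" | shadow_status 17950
```

On day 17950 alice is 5 days past her 45-day maximum with no inactive period set, so she is in the grace state; carol (MD5, 30-day maximum, 5 inactive days) is expired; bob is locked by the leading `!` that `usermod -L` writes; dave has a last-change day of 0 and must change his password at the next login. The same states are what `chage -l` and `passwd --status` report one account at a time.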
id <username>
- Description: Check the UID and GIDs of a specific user; the groups= part lists the
secondary (supplementary) groups as well as the primary one.
[root@orange ~]# id mina
uid=2002(mina) gid=2003(mina) groups=2003(mina)
--------------------------------------------------------------------------------------------------

groups
- Description: List the groups of the user.
[root@orange ~]# id john
uid=7000(john) gid=1003(marketing) groups=1003(marketing)
[root@orange ~]# groups john

john : marketing
--------------------------------------------------------------------------------------------------
useradd <username>
- Description: Add a new user.
[root@orange ~]# useradd mina

- Description: Set the primary/secondary group of the user while creating it.
[root@orange ~]# useradd -G sales Test
[root@orange ~]# id Test
uid=5001(Test) gid=5002(Test) groups=5002(Test),5001(sales)
[root@orange ~]# useradd -g sales Test_test
[root@orange ~]# id Test_test
uid=5002(Test_test) gid=5001(sales) groups=5001(sales)
[root@orange ~]#
[root@orange ~]# useradd -u 7000 -d /john -s /bin/bash john
[root@orange ~]# id john
uid=7000(john) gid=7000(john) groups=7000(john)
[root@orange ~]# grep john /etc/passwd
john:x:7000:7000::/john:/bin/bash
[root@orange ~]#

UID Ranges:
UID 0 is always assigned to the superuser account, root.
UID 1-200 is a range of "system users" assigned statically to system processes by
Red Hat.
UID 201-999 is a range of "system users" used by system processes that do not own
files on the file system. They are typically assigned dynamically from the
available pool when the software that needs them is installed. Programs run as
these "unprivileged" system users in order to limit their access to just the
resources they need to function.
UID 1000+ is the range available for assignment to regular users.

Default ranges used by useradd and groupadd can be changed in the /etc/login.defs
file.

--------------------------------------------------------------------------------------------------
usermod
- Description: Change attributes of an existing user: home directory, group, login shell, and
so on.
[root@orange ~]# grep john /etc/passwd
john:x:7000:1002::/john:/bin/bash
[root@orange ~]# id john
uid=7000(john) gid=1002(sales) groups=1002(sales)
[root@orange ~]# usermod -s /bin/csh -d /home/john -g marketing john
[root@orange ~]# id john
uid=7000(john) gid=1003(marketing) groups=1003(marketing)
[root@orange ~]# cat /etc/passwd | grep john
john:x:7000:1003::/home/john:/bin/csh
[root@orange ~]#

usermod -u → change the user ID
-aG → append a secondary group to the user (without -a, -G replaces the whole list)
-c → set the comment field
-g → change the primary group (used as the group of newly created files)
-d → change the home directory
-md → change the home directory and move its contents
-s → change the default shell
sudo usermod -L -e 1 elvis → lock the account and expire it ("set its expiry date to
one day after 01.01.1970")
sudo usermod -U username → unlock the account; if the user still can't log in,
check the expiry date (chage -l username).
--------------------------------------------------------------------------------------------------
passwd <username>
- Description: Change the password of a user.
[root@orange ~]# passwd mina
Changing password for user mina.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
# passwd --status root → check whether the account is locked (LK in the output)
root *LK* 2017-07-19 0 45 7 -1 (Password set, SHA512 crypt.)
--------------------------------------------------------------------------------------------------
userdel <username>
- Description: Delete a user.
[root@orange ~]# userdel -r mina → the -r option removes the home directory as well
[root@orange ~]# grep mina /etc/passwd
[root@orange ~]#

userdel <username> → removes the user from /etc/passwd, but leaves the home
directory intact by default.
userdel -r <username> → removes the user and the user's home directory.
NB: When a user is removed with userdel without the -r option specified, the system will
have files that are owned by an unassigned user ID number. This can also happen when
files created by a deleted user exist outside their home directory. This situation can lead to
information leakage and other security issues.
In Red Hat Enterprise Linux 7 the useradd command assigns new users the first free UID
number available in the range starting from UID 1000 or above (unless one is explicitly
specified with the -u UID option). This is how information leakage can occur: if the first free
UID number had been previously assigned to a user account which has since been
removed from the system, the old user's UID number will get reassigned to the new user,
giving the new user ownership of the old user's remaining files.
Depending on the situation, one solution to this problem is to remove all "unowned" files
from the system when the user that created them is deleted. Another solution is to manually
assign the "unowned" files to a different user.
find / -nouser -o -nogroup 2> /dev/null → the root user can find "unowned" files and
directories with this command.
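The UID-reuse problem described above can be checked before it happens. The script below works on constructed data: an /etc/passwd excerpt taken after `userdel test` removed UID 1002, and a file inventory in the shape `path uid gid` (what GNU find's `-printf '%p %U %G\n'` produces on a live system). It reproduces what `find -nouser` reports, computes the UID that useradd would hand out next, and lists the orphaned files a new account with that UID would inherit. This is an added example, not code from the course notes; the paths, UIDs and function names are assumptions.

```shell
#!/bin/sh
# Constructed data (not from a real host). PASSWD is an /etc/passwd excerpt after
# "userdel test" removed UID 1002; INVENTORY lists files as
# "<path> <numeric uid> <numeric gid>".
PASSWD='root:x:0:0:root:/root:/bin/bash
csp:x:1000:1000::/home/csp:/bin/bash
mina:x:1001:1001::/home/mina:/bin/bash
john:x:7000:7000::/home/john:/bin/bash'
INVENTORY='/root/anaconda-ks.cfg 0 0
/home/csp/.bashrc 1000 1000
/home/test/.bashrc 1002 1002
/var/spool/mail/test 1002 12
/tmp/scratch.dat 1002 1002
/home/john/notes 7000 7000'

# unowned_files prints the paths whose owner UID has no passwd entry,
# which is what "find / -nouser" reports on a live system.
unowned_files() {
    uids=$(printf '%s\n' "$PASSWD" | cut -d: -f3 | tr '\n' ' ')
    printf '%s\n' "$INVENTORY" | awk -v uids="$uids" '
        BEGIN { n = split(uids, a, " "); for (i = 1; i <= n; i++) known[a[i]] = 1 }
        !($2 in known) { print $1 }'
}

# next_free_uid mimics useradd: the first UID at or above $1 (UID_MIN from
# /etc/login.defs, 1000 by default) that is not already present in passwd.
next_free_uid() {
    printf '%s\n' "$PASSWD" | cut -d: -f3 | sort -n | awk -v min="$1" '
        $1 == min { min++ }
        END { print min }'
}

# reuse_risk lists the unowned files a new account created with the next free
# UID would silently become the owner of.
reuse_risk() {
    printf '%s\n' "$INVENTORY" | awk -v uid="$(next_free_uid 1000)" '$2 == uid { print $1 }'
}

echo "next free UID: $(next_free_uid 1000)"
echo "unowned files a new account would inherit:"
reuse_risk
```

With the sample, the next free UID is 1002 and three files (the old home directory content, the mailbox and a file in /tmp) would change hands the moment the next user is created. On a real host, run the page's `find / -nouser -o -nogroup 2> /dev/null` after every userdel and either delete the results or `chown` them to an archive account; alternatively, give the new user a fresh UID with `useradd -u`.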

Example: userdel without -r, then userdel -r
[root@localhost Desktop]# ll /home/test/test
-rw-r--r--. 1 test test 0 Apr 8 13:53 /home/test/test
[root@localhost Desktop]# userdel test
[root@localhost Desktop]# ll /home/test/test
-rw-r--r--. 1 1002 1002 0 Apr 8 13:53 /home/test/test
[root@localhost Desktop]# find / -nouser -o -nogroup 2> /dev/null
/var/spool/mail/test
/home/test
/home/test/.mozilla
/home/test/.mozilla/extensions
/home/test/.mozilla/plugins
/home/test/.bash_logout
/home/test/.bash_profile
/home/test/.bashrc
/home/test/test
[root@localhost Desktop]# ll /home/test/.bashrc
-rw-r--r--. 1 1002 1002 231 Jun 9 2014 /home/test/.bashrc
[root@localhost Desktop]# useradd -u 1002 test
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
Creating mailbox file: File exists
[root@localhost Desktop]# ll /home/test/.bashrc
-rw-r--r--. 1 test test 231 Jun 9 2014 /home/test/.bashrc
[root@localhost Desktop]# userdel -r test
[root@localhost Desktop]# find / -nouser -o -nogroup 2> /dev/null
[root@localhost Desktop]#
su <username>
- Description: Switch user.
[root@orange ~]# pwd
/root
[root@orange ~]# su mina
[mina@orange root]$ pwd
/root
[mina@orange root]$ exit
exit
[root@orange ~]# su - mina
Last login: Thu Jan 11 12:04:25 EET 2018 on pts/2
[mina@orange ~]$ pwd
/home/mina
[mina@orange ~]$

su <user_name> allows a user to switch to a different user account. If a username is not


specified, the root account is implied. When invoked as a regular user, a prompt will display
asking for the password of the account you are switching to; when invoked as root, there is
no need to enter the account password.
su <user_name> -c <command>  it can be used like the Windows utility runas to run an
arbitrary program as another user.
su – <user_name> sets up the shell environment as if this were a clean login as that
user, while su just starts a shell as that user with the current environment settings.

[csp@localhost ~]$ pwd
/home/csp
[csp@localhost ~]$ su mina
Password:
[mina@localhost csp]$ pwd
/home/csp
[mina@localhost csp]$ exit
exit
[csp@localhost ~]$ su - mina
Password:
Last login: Mon Apr 8 14:15:35 PDT 2019 on pts/0
[mina@localhost ~]$ pwd
/home/mina
[mina@localhost ~]$ cd
[mina@localhost ~]$ pwd
/home/mina
[mina@localhost ~]$ echo $HOME
/home/mina
[mina@localhost ~]$ echo $PATH
/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/mina/.l
ocal/bin:/home/mina/bin
[mina@localhost ~]$ hello
bash: hello: command not found...
[mina@localhost Desktop]$ su -c "useradd minatest" root
Password:
[mina@localhost Desktop]$ grep minatest /etc/passwd
minatest:x:1002:1002::/home/minatest:/bin/bash
[mina@localhost Desktop]$ su -c "userdel -r minatest" root
Password:
[mina@localhost Desktop]$ grep minatest /etc/passwd
[mina@localhost Desktop]$

[csp@localhost Desktop]$ vi newcommand


[csp@localhost Desktop]$ chmod 777 newcommand
[csp@localhost Desktop]$ ./newcommand
Hello
[csp@localhost Desktop]$ pwd
/home/csp/Desktop
[csp@localhost Desktop]$ cd ..
[csp@localhost ~]$ ./newcommand
bash: ./newcommand: No such file or directory
[csp@localhost ~]$ newcommand
bash: newcommand: command not found...
[csp@localhost ~]$ PATH=$PATH:/home/csp/Desktop
[csp@localhost ~]$ echo $PATH
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:/home/c
sp/Desktop
[csp@localhost ~]$ newcommand
Hello
[csp@localhost ~]$
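The session above extends PATH with a personal directory; the shell then runs whatever file named `newcommand` it finds there. The check below audits a PATH string for the entries that make that risky: relative or empty entries (the lookup then depends on the current directory), missing directories, and directories that anyone can write to without the sticky bit (any local user could place a file that shadows a command name). It is an added example, not code from the course notes; the scratch directories and function names are assumptions, and the demonstration PATH is constructed.

```shell
#!/bin/sh
# audit_path prints one finding per risky entry of the PATH string in $1:
#   relative-entry  : "" or "." or any entry not starting with "/"
#   missing         : the directory does not exist
#   world-writable  : others can write there and the sticky bit is not set
# Permission bits are read from ls -ld (characters 9-10: other-write and
# other-execute/sticky), so the result is the same for root and regular users.
audit_path() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r dir; do
        case $dir in
            "") echo "relative-entry (empty field = current directory)"; continue ;;
            /*) ;;
            *)  echo "relative-entry $dir"; continue ;;
        esac
        if [ ! -d "$dir" ]; then
            echo "missing $dir"
            continue
        fi
        case $(ls -ld "$dir" | cut -c9-10) in
            w[tT]) ;;                            # sticky (like /tmp): others cannot replace files
            w?)    echo "world-writable $dir" ;;
        esac
    done
}

# count_path_findings returns the number of findings for the PATH string in $1.
count_path_findings() {
    audit_path "$1" | wc -l | tr -d ' '
}

# Constructed demonstration: a scratch tree with one sane, one world-writable
# and one sticky directory, plus "." and a trailing empty entry in the PATH.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir "$DEMO/safe" "$DEMO/open" "$DEMO/sticky"
chmod 755 "$DEMO/safe"; chmod 777 "$DEMO/open"; chmod 1777 "$DEMO/sticky"
DEMO_PATH="$DEMO/safe:$DEMO/open:$DEMO/sticky:.:$DEMO/gone:"

audit_path "$DEMO_PATH"
# To check the current session:  audit_path "$PATH"
```

The demonstration yields four findings (the world-writable directory, the missing one, `.` and the trailing empty field); the sticky directory passes. The same concern applies to the `chmod 777 newcommand` in the session above: once a world-writable script sits on PATH, any local user can rewrite what that command does, so 755 is the mode to use for a personal script.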

exit
- Description: Exit a user shell.

[root@orange ~]# su mina
[mina@orange root]$ exit
exit
[root@orange ~]#
--------------------------------------------------------------------------------------------------
cat /etc/group
Normally, the primary group of a newly created user is a newly created group with the same
name as the user. The user is the only member of this User Private Group (UPG).
- Description: List all the groups.
[root@orange ~]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
……………………….
The fields of the group file:
1. Group name
2. Password
3. GID
4. Group members

--------------------------------------------------------------------------------------------------
groupadd <group_name>
- Description: Add a new group.
[root@orange ~]# grep Linux /etc/group
[root@orange ~]# groupadd Linux
[root@orange ~]# grep Linux /etc/group
Linux:x:5003:
--------------------------------------------------------------------------------------------------
[student@serverX ~]$ sudo groupadd -g 5000 ateam → groupadd groupname without
options uses the next available GID from the range specified in the /etc/login.defs file. The
-g GID option is used to specify a specific GID.
The -r option will create a system group using a GID from the range of valid system GID
numbers listed in the /etc/login.defs file.
groupmod
[student@serverX ~]$ sudo groupmod -n javaapp appusers → the groupmod
command is used to change the name-to-GID mapping of a group. The -n option is used to
specify a new name (here the group appusers is renamed to javaapp).
[student@serverX ~]$ sudo groupmod -g 6000 ateam → the -g option is used to specify
a new GID.
groupdel <group_name>
- Description: Delete a group.
[root@orange ~]# groupdel Linux
[root@orange ~]# grep Linux /etc/group
[root@orange ~]#

[student@serverX ~]$ sudo groupdel javaapp → a group may not be removed if it is the
primary group of any existing user.
As with userdel, check all file systems to ensure that no files remain owned by the group.
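The following resolves group membership the way `id` and `groups` do, from constructed /etc/passwd and /etc/group excerpts: the primary group is field 4 of passwd, the supplementary groups come from the member lists in the group file. It also answers the groupdel precondition stated just above (a group that is some user's primary group cannot be deleted). This is an added example, not code from the course notes; the users, groups and function names are assumptions.

```shell
#!/bin/sh
# Constructed /etc/passwd and /etc/group excerpts (not from a real host).
PASSWD='root:x:0:0:root:/root:/bin/bash
john:x:7000:1003::/home/john:/bin/bash
mina:x:2002:2003::/home/mina:/bin/bash
test:x:5001:5002::/home/test:/bin/bash'
GROUP='root:x:0:
wheel:x:10:mina
marketing:x:1003:
sales:x:5001:test,mina
mina:x:2003:
test:x:5002:'

# groups_of prints "<user> : <primary group> <supplementary groups...>", the
# same view the groups command gives.
groups_of() {
    user=$1
    gid=$(printf '%s\n' "$PASSWD" | awk -F: -v u="$user" '$1 == u { print $4 }')
    if [ -z "$gid" ]; then
        echo "groups_of: no such user: $user" >&2
        return 1
    fi
    # primary group name: the group whose GID matches passwd field 4
    primary=$(printf '%s\n' "$GROUP" | awk -F: -v g="$gid" '$3 == g { print $1 }')
    # supplementary groups: every other group whose member list names the user
    supp=$(printf '%s\n' "$GROUP" | awk -F: -v u="$user" -v g="$gid" '
        $3 != g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) printf " %s", $1 }')
    printf '%s : %s%s\n' "$user" "${primary:-$gid}" "$supp"
}

# can_delete_group answers the groupdel precondition: a group that is the
# primary group of an existing user cannot be removed.
can_delete_group() {
    gid=$(printf '%s\n' "$GROUP" | awk -F: -v g="$1" '$1 == g { print $3 }')
    if [ -z "$gid" ]; then
        echo "no: group $1 does not exist"
        return 0
    fi
    users=$(printf '%s\n' "$PASSWD" | awk -F: -v g="$gid" '$4 == g { printf " %s", $1 }')
    if [ -n "$users" ]; then
        echo "no: primary group of$users"
    else
        echo "yes"
    fi
}

groups_of mina
groups_of john
can_delete_group marketing
can_delete_group wheel
```

For mina the output is `mina : mina wheel sales`, matching the `groups` format shown earlier; marketing cannot be deleted while it is john's primary group, wheel can (after checking for files owned by GID 10, as the note above says).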

File System

/proc → the /proc filesystem is a virtual filesystem. It does not exist on a disk.
Instead, the kernel creates it in memory. It is used to provide information about the system
(originally about processes, hence the name).

- It is not recommended to use file names containing spaces, as this may cause undesired
command behavior.
- The absolute path of a file must start with a slash (/var/log/messages → the absolute path of
the system log message file).

Linux file systems, including, but not limited to, ext4, XFS, Btrfs, GFS2, and
GlusterFS, are case sensitive. Creating FileCase.txt and filecase.txt in the same directory
results in two unique files. Although many non-Linux file systems are supported in Linux,
each has unique file naming rules. For example, the ubiquitous VFAT file system is not
case-sensitive and allows only one of the two example files to be created. However, VFAT,
along with Microsoft's NTFS and Apple's HFS+, has case-preserving behavior. Although
these file systems are not case-sensitive (enforced primarily to support backward
compatibility), they do display file names with the original capitalization used when the file
was created.

In Red Hat Enterprise Linux 7, four older directories in / now have identical contents as
their counterparts located in /usr:
- /bin and /usr/bin.
- /sbin and /usr/sbin.
- /lib and /usr/lib.
- /lib64 and /usr/lib64.
The directories in / are symbolic links to the matching directories in /usr.
whoami
- Description: Show the currently logged-in user.
[root@orange ~]# whoami

root
NB: a $ prompt means the shell is not running as root; only root's prompt ends in # ([root@orange ~]#).
--------------------------------------------------------------------------------------------------
hostname
- Description: Show the server name.
[mina@orange ~]$ hostname
orange.test
--------------------------------------------------------------------------------------------------
pwd
- Description: Print the current working directory.
[mina@orange ~]$ pwd
/home/mina

NB: If the current working directory is shown as ~ this means the home directory of the logged-in
user; otherwise the prompt displays the last component of the current path ([username@hostname Videos]$
means the current directory is /home/students/Videos).
--------------------------------------------------------------------------------------------------
cd <directory_name>
- Description: Change directory.
[csp@localhost home]$ pwd
/home
[csp@localhost home]$ cd /home/csp/Desktop
[csp@localhost Desktop]$ pwd
/home/csp/Desktop
[csp@localhost Desktop]$ cd - → return to the previous location
/home
[csp@localhost home]$ cd ~ → go to the home directory, same as cd without
arguments.
[csp@localhost ~]$ pwd
/home/csp
[csp@localhost ~]$ cd ..
[csp@localhost home]$ pwd
/home
[csp@localhost home]$
ls/ll
- Description: List the directory content.
ls -aiRl /redhat/sysgrp/ → list the files.
-a → list all the files including the hidden files; hidden file names start
with (.)
-i → list the inode number of each file.
-R → list the directory content recursively.
-l → list more metadata of each file (long format).
-ld → list more metadata of the directory itself (not its contents).
-t → sort by modification time, newest first.

ls -Zd <directory name> → show the SELinux context of the directory.


ls -l → the first character of each line shows the file type:
drwx → directory

brwx → block device file (/dev/sda)
-rwx → regular file
lrwx → symbolic (soft) link
--------------------------------------------------------------------------------------------------
[csp@localhost Desktop]$ pwd
/home/csp/Desktop
[csp@localhost Desktop]$ ls -l
-rw-rw-r--. 1 csp csp 0 Apr 8 12:20 test
[csp@localhost Desktop]$ ls -ldi
25193 drwxr-xr-x. 2 csp csp 17 Apr 8 12:20 .
[root@localhost ~]# ll /dev/sdb
brw-rw----. 1 root disk 8, 16 Apr 9 05:29 /dev/sdb

[root@localhost ~]# ll
total 8
-rw-r--r--. 1 root root 0 Apr 10 03:07 ana
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 0 Apr 10 03:07 cat1
-rw-r--r--. 1 root root 0 Apr 10 03:07 ghghganajlkjlkj
-rw-r--r--. 1 root root 123 Apr 10 03:01 test
[root@localhost ~]# ls a*
ana anaconda-ks.cfg
[root@localhost ~]# ls *ana*
ana anaconda-ks.cfg ghghganajlkjlkj

[root@localhost ~]# ls [ac]*


ana anaconda-ks.cfg cat1
[root@localhost ~]# ls ????
cat1 test

[root@localhost ~]# ll
total 4
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg
[root@localhost ~]# touch {file1,file2}.log
[root@localhost ~]# ll
total 4
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 0 Apr 10 03:41 file1.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file2.log
[root@localhost ~]# touch file{3..6}.log
[root@localhost ~]# ll
total 4
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 0 Apr 10 03:41 file1.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file2.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file3.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file4.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file5.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file6.log
[root@localhost ~]# touch file{a,b}{1,2}.log
[root@localhost ~]# ll
total 4
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg

-rw-r--r--. 1 root root 0 Apr 10 03:41 file1.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file2.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file3.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file4.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file5.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file6.log
-rw-r--r--. 1 root root 0 Apr 10 03:42 filea1.log
-rw-r--r--. 1 root root 0 Apr 10 03:42 filea2.log
-rw-r--r--. 1 root root 0 Apr 10 03:42 fileb1.log
-rw-r--r--. 1 root root 0 Apr 10 03:42 fileb2.log
[root@localhost ~]# touch file.{a..d}
[root@localhost ~]# ll
total 4
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 0 Apr 10 03:41 file1.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file2.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file3.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file4.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file5.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file6.log
-rw-r--r--. 1 root root 0 Apr 10 06:45 file.a
-rw-r--r--. 1 root root 0 Apr 10 03:42 filea1.log
-rw-r--r--. 1 root root 0 Apr 10 03:42 filea2.log
-rw-r--r--. 1 root root 0 Apr 10 06:45 file.b
-rw-r--r--. 1 root root 0 Apr 10 03:42 fileb1.log
-rw-r--r--. 1 root root 0 Apr 10 03:42 fileb2.log
-rw-r--r--. 1 root root 0 Apr 10 06:45 file.c
-rw-r--r--. 1 root root 0 Apr 10 06:45 file.d
[root@localhost ~]# touch file{a{1,2},b,c,d}.txt
[root@localhost ~]# ll
total 4
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 0 Apr 10 03:41 file1.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file2.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file3.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file4.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file5.log
-rw-r--r--. 1 root root 0 Apr 10 03:41 file6.log
-rw-r--r--. 1 root root 0 Apr 10 06:45 file.a
-rw-r--r--. 1 root root 0 Apr 10 03:42 filea1.log
-rw-r--r--. 1 root root 0 Apr 10 06:46 filea1.txt
-rw-r--r--. 1 root root 0 Apr 10 03:42 filea2.log
-rw-r--r--. 1 root root 0 Apr 10 06:46 filea2.txt
-rw-r--r--. 1 root root 0 Apr 10 06:45 file.b
-rw-r--r--. 1 root root 0 Apr 10 03:42 fileb1.log
-rw-r--r--. 1 root root 0 Apr 10 03:42 fileb2.log
-rw-r--r--. 1 root root 0 Apr 10 06:46 fileb.txt
-rw-r--r--. 1 root root 0 Apr 10 06:45 file.c
-rw-r--r--. 1 root root 0 Apr 10 06:46 filec.txt
-rw-r--r--. 1 root root 0 Apr 10 06:45 file.d
-rw-r--r--. 1 root root 0 Apr 10 06:46 filed.txt

cp
- Description: Copy Files/Directories.
[root@orange ~]# pwd
/root
[root@orange ~]# touch Test.txt
[root@orange ~]# ll | grep Test.txt
-rw-r--r--. 1 root root 0 Jan 11 13:49 Test.txt
[root@orange ~]# cp Test.txt /
[root@orange ~]# ll / | grep Test.txt
-rw-r--r--. 1 root root 0 Jan 11 13:49 Test.txt

cp -r → the "-r" option is needed to copy a directory (recursively, with its contents).


--------------------------------------------------------------------------------------------------
[root@localhost ~]# mkdir test
[root@localhost ~]# touch test/file
[root@localhost ~]# ll
total 4
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg
drwxr-xr-x. 2 root root 17 Apr 10 03:27 test
[root@localhost ~]# ll /home/csp
total 0
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Desktop
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Documents
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Downloads
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Music
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Pictures
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Public
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Templates
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Videos

[root@localhost ~]# cp test /home/csp


cp: omitting directory ‘test’
[root@localhost ~]# cp -r test /home/csp
[root@localhost ~]# ll
total 4
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg
drwxr-xr-x. 2 root root 17 Apr 10 03:27 test
[root@localhost ~]# ll /home/csp
total 0
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Desktop
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Documents
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Downloads
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Music
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Pictures
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Public
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Templates
drwxr-xr-x. 2 root root 17 Apr 10 03:28 test
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Videos
mv
- Description: move/rename files.
[root@orange ~]# touch Test.txt

[root@orange ~]# ll | grep Test.txt
-rw-r--r--. 1 root root 0 Jan 11 13:49 Test.txt
[root@orange ~]# mv Test.txt TEST
[root@orange ~]# ll | grep Test.txt
[root@orange ~]# ll | grep TEST
-rw-r--r--. 1 root root 0 Jan 11 13:49 TEST
[root@orange ~]# mv TEST /
[root@orange ~]# ll | grep TEST
[root@orange ~]# ll / | grep TEST
-rw-r--r--. 1 root root 0 Jan 11 13:49 TEST
[root@orange ~]#
--------------------------------------------------------------------------------------------------
[root@localhost ~]# mv test test1
[root@localhost ~]# ll
total 4
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg
drwxr-xr-x. 2 root root 17 Apr 10 03:27 test1
[root@localhost ~]# mv test1 /home/csp
[root@localhost ~]# ll
total 4
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg
[root@localhost ~]# ll /home/csp
total 0
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Desktop
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Documents
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Downloads
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Music
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Pictures
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Public
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Templates
drwxr-xr-x. 2 root root 17 Apr 10 03:28 test
drwxr-xr-x. 2 root root 17 Apr 10 03:27 test1
drwxr-xr-x. 2 csp csp 6 Apr 3 13:19 Videos

rm
- Description: Remove File or Directory.
[root@orange ~]# rm /Test
rm: remove regular empty file ‘/Test’? y
[root@orange ~]# ll / | grep Test
[root@orange ~]#

[root@orange mount]# ll
total 0
drwxr-xr-x. 2 root root 6 Jan 9 12:09 mount1
[root@orange mount]# rm -r mount1
rm: remove directory ‘mount1’? y
[root@orange mount]# ll
total 0
[root@orange mount]#
rm -f file → removes the file without confirmation (force).
rm -ri dir → the opposite of the force option: -i asks for confirmation before each removal,
so combined with -r it prompts for every item inside the directory (interactive).

--------------------------------------------------------------------------------------------------
[root@localhost ~]# ll
total 8
-rw-r--r--. 1 root root 0 Apr 10 03:07 ana
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 0 Apr 10 03:07 cat1
-rw-r--r--. 1 root root 0 Apr 10 03:07 ghghganajlkjlkj
-rw-r--r--. 1 root root 123 Apr 10 03:01 test

[root@localhost ~]# rm ana cat1 ghghganajlkjlkj test


rm: remove regular empty file ‘ana’? y
rm: remove regular empty file ‘cat1’? y
rm: remove regular empty file ‘ghghganajlkjlkj’? y
rm: remove regular file ‘test’? y

[root@localhost ~]# touch test


[root@localhost ~]# rm -f test
[root@localhost ~]# ll
total 4
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg

[root@localhost ~]# mkdir test


[root@localhost ~]# touch test/file
[root@localhost ~]# ll
total 4
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg
drwxr-xr-x. 2 root root 17 Apr 10 03:13 test
[root@localhost ~]# rmdir test
rmdir: failed to remove ‘test’: Directory not empty
[root@localhost ~]# rm test
rm: cannot remove ‘test’: Is a directory
[root@localhost ~]# rm -r test
rm: descend into directory ‘test’? y
rm: remove regular empty file ‘test/file’? y
rm: remove directory ‘test’? y
rmdir
rmdir <dir_name> → used to delete an empty directory only.

mkdir <directory_path>
- Description: Create new Folder
[root@orange ~]# mkdir /newdir
[root@orange ~]# ls /
bin boot dev dir1 etc home lib lib64 media mnt newdir opt proc root
run sbin srv sys TESt TEST tmp usr var web
[root@orange ~]#
mkdir -p → creates the directory as well as any missing parent directories.
mkdir /Test/"c d" → the name must be written between quotes if it contains a space or
another shell-special character, for example mkdir /Test/"x&c" (a slash cannot be part of a
file name, since it separates path components).
--------------------------------------------------------------------------------------------------

touch <File_name>
- Description: updates a file's timestamp to the current date and time without
otherwise modifying it. This is useful for creating empty files.
[root@orange home]# touch newfile
[root@orange home]# ls
fawzy file hi john khaled mina Mina new newfile peter test Test test2
Test_test
[root@orange ~]# touch .hidden
[root@orange ~]# ll | grep hidden
[root@orange ~]# ll -a | grep hidden
-rw-r--r--. 1 root root 0 Jan 11 14:55 .hidden
[root@orange ~]#
--------------------------------------------------------------------------------------------------
cat
- Description: View file content.
[root@orange ~]# cat mina.sh

export OS_USERNAME=KirillosAkram
export OS_USER_DOMAIN_NAME=KirillosAkram
export OS_TENANT_ID=
export OS_IDENTITY_API_VERSION=3
export NOVA_ENDPOINT_TYPE=publicURL
export OS_ENDPOINT_TYPE=publicURL
[root@orange ~]#
--------------------------------------------------------------------------------------------------
more
- Description: similar to cat command, it opens the file, but the difference that more
show the file contents by page, you can go to the next page by pressing SPACE.
[root@orange ~]# more /var/log/messages
Jan 9 10:44:04 orange dhclient[1242]: DHCPACK from 10.0.2.3 (xid=0x10eca753)
Jan 9 10:44:04 orange NetworkManager: DHCPACK from 10.0.2.3 (xid=0x10eca753)
Jan 9 10:44:04 orange dhclient[1242]: bound to 10.0.2.10 -- renewal in 464 seconds.
Jan 9 10:44:04 orange NetworkManager: bound to 10.0.2.10 -- renewal in 464 seconds.
--More--(0%)
--Press “q” to quit, back to the prompt.
--------------------------------------------------------------------------------------------------
1.1.1.5 less
less <file_name>  similar to more.
head
By default, shows the first 10 lines of the file.
head -n 5 <filename>  use the option "-n" to change the default number of lines.
tail
It is especially helpful for reproducing problems and issues to monitor one or more log files
for events. The tail -f /path/to/file command outputs the last 10 lines of the file specified and
continues to output new lines as they get written to the monitored file.

To monitor for failed login attempts on one terminal, run the following command as user root
while a user tries to log in to the serverX machine:
[root@serverX ~]# tail -f /var/log/secure
tail -n 5 /etc/passwd  displays the last 5 lines of the file (as the -n 5 option is used).
By default, tail shows the last 10 lines of the file.
Pipeline
[root@localhost Desktop]# cat /etc/passwd | grep root
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
File Permissions
In Linux systems the file permissions are as follows:
- Read (r)  You can read the file contents.
- Write (w)  You can write into a file.
- Execute (x)  You can execute the file, i.e. run it, considering the file is a program.

These Permissions are applied in 3 different categories:


- Owner Permissions: The permission that will be applied in case the file owner is accessing
the file.
- Group Permissions: The permissions that will be applied in case a user in the file group is
accessing the file.
- Other Permissions: The permissions that will be applied in case a user (that is not owning
the file nor in the file group) is accessing the file.

[root@orange Documents]# ll
total 0
-rw-r--r--. 1 root root 0 Jan 12 11:04 Test
In this case the owner of the file is root and his permissions are read & write, the group of
the file is root and the group permissions is read only, the other users have permissions
read only as well.

chown
- Description: Change the ownership/group of a file.
[root@orange mount]# ll
total 0
-rw-r--r--. 1 root root 0 Jan 9 11:33 Test
[root@orange mount]# chown mina:sales Test
[root@orange mount]# ll
total 0
-rw-r--r--. 1 mina sales 0 Jan 9 11:33 Test

In this case the owner of the file is changed from root to mina, while the group
is changed from root to sales.

[root@orange mount]# chown test Test
[root@orange mount]# ll
total 0
-rw-r--r--. 1 test sales 0 Jan 9 11:33 Test

In this case I just changed the owner of the file to test.

[root@orange mount]# chown :test Test
[root@orange mount]# ll
total 0
-rw-r--r--. 1 mina test 0 Jan 9 11:33 Test

In this case I just changed the group of the file to the test group.

chown -R username <dir_name>  changes the ownership of the directory and of all its contents.

chgrp
chgrp groupname <dir_name>  change the group ownership; chown can do the same:
chgrp groupname <dir_name> = chown :groupname <dir_name>

chmod
- Description: Change the permissions of a file.
Numeric representation
[root@orange mount]# ll
total 0
-rw-r--r--. 1 mina sales 0 Jan 9 11:33 Test
[root@orange mount]# chmod 777 Test
[root@orange mount]# ll
total 0
-rwxrwxrwx. 1 mina sales 0 Jan 9 11:33 Test
[root@orange mount]#

In this case we changed the permissions for the owner to 7 (rwx), group to 7 (rwx)
& other to 7 (rwx).

4  read
2  write
1  execute

Symbolic representation
chmod go-rw <file_name>
in this case I remove the read & write permissions from the (g)group and (o)other.

chmod a+x <file_name>
in this case I am adding the execute permission to all the categories (owner, group & other).

chmod -R g+rwX demodir  this will recursively apply the permissions on the whole tree under
demodir; capital X applies execute to directories only (and to files that already have an execute
bit), not to plain files.
--------------------------------------------------------------------------------------------------
umask
The system default umask values for Bash shell users are defined in the /etc/profile and
/etc/bashrc files. Users can override the system defaults in their .bash_profile and
.bashrc files; these are hidden files found in the user's home directory.

.bash_profile is executed for login shells, while .bashrc is executed for interactive non-login
shells. When you log in (type username and password) via the console, either sitting at the
machine or remotely via ssh, .bash_profile is executed to configure your shell before the
initial command prompt.

For shell types, see:
https://unix.stackexchange.com/questions/38175/difference-between-login-shell-and-non-
login-shell

- Description: determines the default permissions for a newly created file.
[root@orange Documents]# umask
0022
[root@orange Documents]# touch Test
[root@orange Documents]# ll
total 0
-rw-r--r--. 1 root root 0 Jan 12 11:04 Test

[root@orange Documents]# mkdir TEST
[root@orange Documents]# ll
total 0
drwxr-xr-x. 2 root root 6 Jan 12 11:04 TEST
-rw-r--r--. 1 root root 0 Jan 12 11:04 Test.rpm
[root@orange Documents]#

The mask shows the permissions that will be masked out, not the permissions that will be permitted.
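The arithmetic behind the numeric and symbolic chmod forms and behind umask, as an added Python example that is not part of the course notes: it converts the rwx string printed by `ll` to and from octal, applies symbolic specs such as go-rw / a+x / g+rwX (including the capital-X rule), and computes the default mode a umask leaves. The function names are my own; observed_default_mode() creates a real temporary file to confirm the umask result on the running system.

```python
"""chmod / umask arithmetic, as an added example (not from the course notes).
Pure-Python version of the rules the notes describe: the rwx string printed by
`ll`, octal digits (4=r, 2=w, 1=x), symbolic specs such as go-rw / a+x / g+rwX,
and umask masking *out* bits of the default mode (0666 file, 0777 directory).
"""
import os
import re
import stat
import tempfile

WHO_BITS = {"u": 0o700, "g": 0o070, "o": 0o007}
PERM_BITS = {"r": 0o444, "w": 0o222, "x": 0o111}


def mode_from_ls(perm_string):
    """'-rw-r--r--.' -> 0o644, 'drwxrwxrwt' -> 0o1777, '-rwsr-xr-x' -> 0o4755.
    A leading file-type character and a trailing '.' or '+' (SELinux/ACL flag) are ignored."""
    s = perm_string.strip()
    if len(s) >= 10 and s[0] in "-dlcbps":
        s = s[1:]
    s = s.rstrip(".+")
    if len(s) != 9:
        raise ValueError("not a permission string: %r" % perm_string)
    mode = 0
    for i, ch in enumerate(s):
        bit = 1 << (8 - i)                       # owner bits are the high octal digit
        if ch in "rwx":
            mode |= bit
        elif ch in "sS" and i in (2, 5):         # setuid / setgid shown in the x slot
            mode |= stat.S_ISUID if i == 2 else stat.S_ISGID
            mode |= bit if ch == "s" else 0      # lower-case: the x bit is set as well
        elif ch in "tT" and i == 8:              # sticky bit shown in other's x slot
            mode |= stat.S_ISVTX | (bit if ch == "t" else 0)
        elif ch != "-":
            raise ValueError("bad character %r in %r" % (ch, perm_string))
    return mode


def ls_from_mode(mode):
    """Inverse of mode_from_ls: 0o755 -> 'rwxr-xr-x', 0o1777 -> 'rwxrwxrwt'."""
    out = ["rwx"[i % 3] if mode & (1 << (8 - i)) else "-" for i in range(9)]
    if mode & stat.S_ISUID:
        out[2] = "s" if mode & 0o100 else "S"
    if mode & stat.S_ISGID:
        out[5] = "s" if mode & 0o010 else "S"
    if mode & stat.S_ISVTX:
        out[8] = "t" if mode & 0o001 else "T"
    return "".join(out)


def apply_symbolic(mode, spec, is_dir=False):
    """Apply a chmod symbolic spec ('go-rw', 'a+x', 'g+rwX', 'u=rw,go=') to mode.
    X grants execute only on directories or on files that already have some x bit;
    an empty 'who' is treated as 'a' (real chmod would also honour the umask there)."""
    for clause in spec.split(","):
        m = re.fullmatch(r"([ugoa]*)([+\-=])([rwxX]*)", clause)
        if not m:
            raise ValueError("bad chmod clause: %r" % clause)
        who, op, perms = m.groups()
        who_mask = 0o777 if not who or "a" in who else sum(WHO_BITS[c] for c in set(who))
        bits = 0
        for p in perms:
            if p == "X":
                if is_dir or mode & 0o111:
                    bits |= PERM_BITS["x"]
            else:
                bits |= PERM_BITS[p]
        bits &= who_mask
        if op == "+":
            mode |= bits
        elif op == "-":
            mode &= ~bits
        else:                                    # '=' replaces the selected categories
            mode = (mode & ~who_mask) | bits
    return mode


def default_mode(umask, is_dir=False):
    """Mode of a new file (0666) or directory (0777) after umask: the umask bits are
    the permissions masked *out*, which is why umask 0022 yields 644 and 755."""
    return (0o777 if is_dir else 0o666) & ~umask


def observed_default_mode(umask_value):
    """Create a real file under umask_value and return its permission bits."""
    old = os.umask(umask_value)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "newfile")
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o666))
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)


if __name__ == "__main__":
    m = mode_from_ls("-rw-r--r--.")               # the Test file from the notes
    print(ls_from_mode(apply_symbolic(m, "a+x")))  # rwxr-xr-x, i.e. chmod 755
    print(oct(default_mode(0o022)), oct(observed_default_mode(0o022)))
```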
ACL
Specifiy unique permissions for a user or a group.
getfacl
in order to list the current ACL for a file/directory
[test@localhost perm.test]$ getfacl test
# file: test
# owner: test
# group: test
user::rwx
group::rw-
other::rw-
[test@localhost perm.test]$ ll test
-rwxrw-rw-. 1 test test 0 Jun 13 15:49 test

in this example there is no ACL set for this file.

[test@localhost perm.test]$ setfacl -m u:csp:rwx test
[test@localhost perm.test]$ getfacl test
# file: test
# owner: test
# group: test
user::rwx
user:csp:rwx
group::rw-
mask::rwx
other::rw-
[test@localhost perm.test]$ ll test
-rwxrwxrw-+ 1 test test 0 Jun 13 15:49 test
[test@localhost perm.test]$

In this case there is an ACL set on this file (user:csp:rwx); note the "+" at the end of the
permission string in the ll output.

setfacl
This is used to set the ACL for a file.

Modify the ACL entries

# setfacl -m g:name:rw file  set ACL for a group.
# setfacl -m o::- file  set ACL for other only.

# setfacl -m u:name:rX,g:name:rw,o::- file  set ACL for a user, a group and other in one
command.
# setfacl -m u::rw file  if the name is left blank, the entry applies to the file owner. Using
chmod on the owner permissions is equivalent to using setfacl on the owner entry; chmod has
no effect on named users.

# setfacl -m m::r file  set the mask to read only.

# getfacl file-A | setfacl --set-file=- file-B  replicate the ACL of file A to file B.

[root@localhost perm.test]# ll
total 4
-rwxrwxrw-+ 1 test test 0 Jun 13 15:49 test
-rw-r--r--. 1 root root 0 Jun 14 09:29 test2
[root@localhost perm.test]# getfacl test | setfacl --set-file=- test2
[root@localhost perm.test]# ll
total 8
-rwxrwxrw-+ 1 test test 0 Jun 13 15:49 test
-rwxrwxrw-+ 1 root root 0 Jun 14 09:29 test2
[root@localhost perm.test]#

# setfacl -R -m u:name:rX dir  set the ACL recursively on the directory; capital X adds the
execute permission for directories only, not files, so in this case files get a read-only entry.

Delete ACL entries

# setfacl -x u:name,g:name file  delete ACL entries on a file.
# setfacl -b file  delete all ACL entries on a file / directory "including the default ACL".
# setfacl -m d:u:name:rx directory  edit the default ACL.
# setfacl -x d:u:name directory  delete a default ACL entry.
# setfacl -k directory  delete all the default ACL entries of a directory.

ACL Mask
The mask setting shows the maximum permissions possible for all named users, the
group-owner and named groups; only the file owner and others are not affected by the mask.

# getfacl <file/directory>  shows the owner, group, special flags (setuid, setgid, sticky),
permissions, the ACL entries and the mask.
# file: .  this is a directory
# file: roster.txt  this is a file
# flags: -s-  if any additional directory flags are set (setuid, setgid, sticky), a fourth
comment line shows the set flags; in this case setgid.
user:1005:rwx    #effective:rw-
group:2210:rwx   #effective:rw-
mask::rw-

UID 1005 has rwx, but the mask limits the effective permissions to
rw only.

Default ACL
The default section appears for directories only; the default ACL applied on a directory is
inherited by any newly created file in this directory.

default:user::rwx
default:user:james:---
default:group::rwx
default:group:sodor:r-x
default:mask::rwx
default:other::---

Special Permissions
If you need to control your permissions beyond the normal Linux permissions then you need
to use the Special Permissions.
Stickybit (on directory)
When applying permissions to directories on Linux, the permission bits have different
meanings than on regular files.

• The read bit (r) allows the affected user to list the files within the directory
• The write bit (w) allows the affected user to create, rename, or delete files within the
directory, and modify the directory's attributes
• The execute bit (x) allows the affected user to enter the directory, and access files and
directories inside
• The sticky bit (T, or t if the execute bit is set for others) states that files and directories
within that directory may only be deleted or renamed by their owner (or root)

[mina@localhost test]$ ll -d /test
drwxrwxr--. 2 root root 17 Apr 7 06:29 /test
[mina@localhost test]$ ls -l /test
ls: cannot access /test/test: Permission denied
total 0
?????????? ? ? ? ? ? test
[mina@localhost test]$ ll -d /test
drwxrwxr-x. 2 root root 17 Apr 7 06:29 /test
[mina@localhost test]$ ls -l /test
total 4
-rwxr--rwx. 1 mina mina 90 Apr 7 06:29 test
[mina@localhost test]$ touch testfile
touch: cannot touch ‘testfile’: Permission denied
[mina@localhost test]$ ls -ld /test
drwxrwxrwx. 2 root root 17 Apr 7 06:29 /test
[mina@localhost test]$ touch testfile
[mina@localhost test]$ ls -l /test
total 4

-rwxr--rwx. 1 mina mina 90 Apr 7 06:29 test
-rw-rw-r--. 1 mina mina 0 Apr 7 06:39 testfile
[mina@localhost test]$

The sticky bit for a directory sets a special restriction on deletion of files: only the owner of
the file (and root) can delete files within the directory. An example is /tmp:
ls -ld /tmp
drwxrwxrwt
Symbolically: sticky=o+t
Numerically (fourth preceding digit): sticky=1
# chmod 1777 <dir_name>
# chmod o+t <dir_name>
setgid on directory
setgid on a directory means that files created in the directory will inherit the group affiliation
from the directory, rather than inheriting it from the creating user.
A file may be removed by anyone who has write permission to the directory in which the file
resides, regardless of the ownership or permissions on the file itself.
Symbolically: setgid=g+s
Numerically (fourth preceding digit): setgid=2
# chmod 2777 <dir_name>
# chmod g+s <dir_name>
setuid/setgid on executable files
The setuid (or setgid) permission on an executable file means that the command will run as
the user (or group) of the file, not as the user that ran the command. One example is the
passwd command:
ls -l /usr/bin/passwd
-rws
Symbolically: setuid=u+s; setgid=g+s
Numerically (fourth preceding digit): setuid=4; setgid=2
# chmod 4777 <file_name>
# chmod u+s <file_name>

Permissions Scenario
rx permissions on directory
Any directory needs read and execute permissions in order to cd into it.
[mina@localhost test]$ ll -d /test
drwxrwxr--. 2 root root 17 Apr 7 06:29 /test

In this scenario the user mina falls under "others", so he has read access on the directory
but not execute, so he can't cd into the directory.

[mina@localhost test]$ ls -l /test
ls: cannot access /test/test: Permission denied
total 0

?????????? ? ? ? ? ? test

As you see he can't use commands like ls and cd on the directory. Now let us give others
the execute permission:

[mina@localhost test]$ ll -d /test
drwxrwxr-x. 2 root root 17 Apr 7 06:29 /test
[mina@localhost test]$ ls -l /test
total 4
-rwxr--rwx. 1 mina mina 90 Apr 7 06:29 test

As you see, now he has rx on the directory so he can ls the directory.

[mina@localhost test]$ touch testfile
touch: cannot touch ‘testfile’: Permission denied

mina needs the write permission on the directory so he can create a file in it.

[mina@localhost test]$ ls -ld /test
drwxrwxrwx. 2 root root 17 Apr 7 06:29 /test
[mina@localhost test]$ touch testfile
[mina@localhost test]$ ls -l /test
total 4
-rwxr--rwx. 1 mina mina 90 Apr 7 06:29 test
-rw-rw-r--. 1 mina mina 0 Apr 7 06:39 testfile
[mina@localhost test]$

As we added the write permission to other (mina), now he can create a new file in the directory.

[ACL] Default permissions
I set a default ACL on the directory:

[csp@localhost defaultper]$ setfacl -m d:u::r .
[csp@localhost defaultper]$ setfacl -m d:g::r .
[csp@localhost defaultper]$ setfacl -m d:o::r .
[csp@localhost defaultper]$ getfacl .
# file: .
# owner: csp
# group: csp
user::rwx
group::rwx
other::r-x
default:user::r--
default:user:csp:r--
default:user:mina:r--
default:group::r--
default:mask::r--
default:other::r--

As you see, the newly created file in the directory got its permissions from the default ACL
of the directory instead of from the umask:

[csp@localhost defaultper]$ ll
[csp@localhost defaultper]$ touch test1
[csp@localhost defaultper]$ ll
-r--r--r--+ 1 csp csp 0 Apr 19 06:38 test1
[csp@localhost defaultper]$ umask
0002

In this case I removed the default ACL related to the owner part, so
when creating a new file it gets the permissions from umask for the
owner part, while for the group and other it took it from the
default ACL.

[csp@localhost defaultper]$ setfacl -x d:u: .


[csp@localhost defaultper]$ touch test2
[csp@localhost defaultper]$ ll
-r--r--r--+ 1 csp csp 0 Apr 19 06:38 test1
-rw-r--r--+ 1 csp csp 0 Apr 19 06:41 test2
[csp@localhost defaultper]$ umask
0002

[ACL] I am the Owner
In this scenario we have a file owned by the user named csp, and its group is csp as well.
The csp group is the primary group of the csp user.
In our case the owner has no permissions on the file, while his group has permissions, he is
mentioned in the ACL with full permissions and even others have full permissions, but still the
user can't access the file.

If you are the file owner, you get the permissions of the owner entry only, whatever is set for
the group, other or even the ACL.

[csp@localhost test]$ ll
----rwxrwx. 1 csp csp 0 Apr 7 05:03 test
[csp@localhost test]$ id
uid=1000(csp) gid=1000(csp) groups=1000(csp)
[csp@localhost test]$ cat test
cat: test: Permission denied
[csp@localhost test]$ grep mina /etc/passwd > test
bash: test: Permission denied
[csp@localhost test]$ setfacl -m u:csp:rwx test
[csp@localhost test]$ getfacl test
# file: test
# owner: csp
# group: csp
user::---
user:csp:rwx
group::rwx
mask::rwx
other::rwx
[csp@localhost test]$ cat test
cat: test: Permission denied

[csp@localhost test]$ grep mina /etc/passwd > test
bash: test: Permission denied
[csp@localhost test]$

[ACL] I am a member in a group or other
If you are in the group or in other, the system applies the ACL.
In this case we have a user named mina, a member of group csp; when I applied an ACL entry
for the user, the ACL entry is applied rather than the group permissions.

[mina@localhost test]$ ll
----rwxrwx. 1 csp csp 0 Apr 7 05:03 test
[mina@localhost test]$ id
uid=1001(mina) gid=1002(mina)
groups=1002(mina),1000(csp),1001(sales)
[mina@localhost test]$ grep mina /etc/passwd > test
[mina@localhost test]$ cat test
mina:x:1001:1002::/home/mina:/bin/bash
[csp@localhost test]$ setfacl -m u:mina:r test
[csp@localhost test]$ getfacl test
# file: test
# owner: csp
# group: csp
user::---
user:csp:rwx
user:mina:r--
group::rwx
mask::rwx
other::rwx
[mina@localhost test]$ grep csp /etc/passwd > test
bash: test: Permission denied
[mina@localhost test]$ cat test
mina:x:1001:1002::/home/mina:/bin/bash
[mina@localhost test]$
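The access decision behind the ACL sections above (ACL Mask, "I am the Owner" and "I am a member in a group or other"), as an added Python example that is not part of the course notes: it parses getfacl output and applies the kernel's evaluation order (owner, then named user, then matching groups, then other, with the mask capping the middle two), so you can see why csp is denied as owner despite user:csp:rwx and why mina's named entry wins over group::rwx. The ACL texts, user and group names are constructed to mirror the scenarios.

```python
"""POSIX ACL access check, as an added example (not from the course notes).
Parses getfacl output and decides "may this user read/write/execute?" the way
the kernel does (acl(5)): the owner is matched first and gets only the user::
entry, then a named user entry (limited by the mask), then the matching group
entries (limited by the mask), else other::. Names and ACL texts are constructed.
"""
ALL = {"r", "w", "x"}


def _bits(perms):
    """'rw-' -> {'r', 'w'}."""
    return set(perms) - {"-"}


def _text(bits):
    """{'r', 'w'} -> 'rw-'."""
    return "".join(c if c in bits else "-" for c in "rwx")


class Acl:
    """Access ACL of one file: owner/group names plus the entry kinds getfacl prints."""
    def __init__(self):
        self.owner = None
        self.group = None
        self.user_obj = set()     # user::   (the owner)
        self.group_obj = set()    # group::  (the owning group)
        self.other = set()        # other::
        self.mask = None          # mask::   (only present once named entries exist)
        self.users = {}           # user:NAME:perms
        self.groups = {}          # group:NAME:perms


def parse_getfacl(text):
    """Build an Acl from getfacl output; default: lines and #effective comments are dropped."""
    acl = Acl()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):                 # header lines: # owner: / # group: / # flags:
            key, _, value = line[1:].partition(":")
            if key.strip() == "owner":
                acl.owner = value.strip()
            elif key.strip() == "group":
                acl.group = value.strip()
            continue
        if line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split("#")[0].strip().split(":")
        if tag == "user":
            if qualifier:
                acl.users[qualifier] = _bits(perms)
            else:
                acl.user_obj = _bits(perms)
        elif tag == "group":
            if qualifier:
                acl.groups[qualifier] = _bits(perms)
            else:
                acl.group_obj = _bits(perms)
        elif tag == "mask":
            acl.mask = _bits(perms)
        elif tag == "other":
            acl.other = _bits(perms)
    return acl


def check_access(acl, user, groups, want):
    """True if `user` (member of `groups`) may do every permission in `want`, e.g. 'rw'."""
    want = set(want)
    mask = acl.mask if acl.mask is not None else ALL
    if user == acl.owner:                  # 1. owner: user:: only; mask and named entries ignored
        return want <= acl.user_obj
    if user in acl.users:                  # 2. named user entry, capped by the mask
        return want <= (acl.users[user] & mask)
    matching = []                          # 3. owning group and named groups the user is in
    if acl.group in groups:
        matching.append(acl.group_obj)
    matching += [p for g, p in acl.groups.items() if g in groups]
    if matching:
        return any(want <= (p & mask) for p in matching)
    return want <= acl.other               # 4. everybody else


def effective(acl):
    """Entries with '#effective' applied: the mask caps named users, named groups and
    the owning group; the owner and other entries are never masked."""
    mask = acl.mask if acl.mask is not None else ALL
    out = {"user::": _text(acl.user_obj), "group::": _text(acl.group_obj & mask),
           "other::": _text(acl.other)}
    for name, p in acl.users.items():
        out["user:" + name] = _text(p & mask)
    for name, p in acl.groups.items():
        out["group:" + name] = _text(p & mask)
    return out


# Constructed: the "I am the Owner" file before and after the setfacl commands.
BEFORE_ACL = "# file: test\n# owner: csp\n# group: csp\nuser::---\ngroup::rwx\nother::rwx\n"
AFTER_ACL = ("# file: test\n# owner: csp\n# group: csp\nuser::---\nuser:csp:rwx\n"
             "user:mina:r--\ngroup::rwx\nmask::rwx\nother::rwx\n")
# Constructed: a file whose mask caps the named entries, as in the "ACL Mask" section.
MASKED_ACL = ("# file: roster.txt\n# owner: root\n# group: root\n# flags: -s-\nuser::rw-\n"
              "user:james:rwx    #effective:rw-\ngroup::rwx    #effective:rw-\n"
              "group:sodor:r-x    #effective:r--\nmask::rw-\nother::---\n")

if __name__ == "__main__":
    after = parse_getfacl(AFTER_ACL)
    print("csp (owner) read:", check_access(after, "csp", ["csp"], "r"))              # False
    print("mina write:", check_access(after, "mina", ["mina", "csp", "sales"], "w"))  # False
    print(effective(parse_getfacl(MASKED_ACL)))
```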

Summary
Linux basic permissions
Linux permissions are applied on files and directories.
Linux permissions are rwx.
These permissions are applied on 3 categories:
- file owner
- file group
- others
Change permissions
In order to change the permissions, we use the chmod command.
chmod 741 <filename>  in this case we give rwx to the owner, r-- to the group & --x to
others.

Change Ownership
To change the ownership of the file (owner & group), we use the chown command.
chown <user>:<group> <filename>
Default Permissions
The umask command is used to show the default permissions.

ACL
Used to single out a specific user/group from the others and give them specific permissions.
Special permissions
On Directory:
Sticky bit: it is used to let only the owner of a file delete that file in the directory.
Set group id: it is used to let any newly created file take its group ownership from the
directory rather than from the user who created the file (the default case).
On File:
Set user id/set group id: it is used to let the system treat the user executing the file as if
he were the owner, or as if his group were the group of the file.

vi <File_name>
- Description: Most popular Linux file editor.
[root@orange home]# vi newfile
Default mode is the Command mode
i  Enter insert mode, with the cursor at the same position.
I  Enter insert mode, move the cursor to the start of the line.
A  Enter insert mode, move the cursor to the end of the line.
a  Enter insert mode, move the cursor to the next character.
o  Enter insert mode, and make new line below the cursor position.
O  Enter insert mode, and make new line above the cursor position.
ESC  return to command mode from insert mode.
vimtutor  open the vim tutorial.
vim stands for vi improved; with vim you get the same vi features plus newly added
features, for more info please check this link:
https://www.vim.org/viusers.php
Commands in Command mode
:wq! or :x!  to save & quit the file.
:w  save the file, without exiting.
:set number  view the line numbers
:<number>  Jump to a specific line
j  move the cursor down one line at a time
k  move the cursor up one line at a time
h  move the cursor left one character at a time
l  move the cursor right one character at a time
dd  delete the current line
<number>dd  delete a number of lines starting from the one you are on.
gg  Move to first line.
G  Move to last line.
^  Move to beginning of the current line.

$  Move to end of the current line.
:q!  Quit the file ignoring unsaved changes.
w  Move cursor to next word.
All movement commands can be prefixed by typing a number, e.g., 5w to move the cursor
five words.
b  Move cursor to previous word.
(  Move cursor to previous sentence.
)  Move cursor to next sentence.
{  Move cursor to previous paragraph.
}  Move cursor to next paragraph.
u  undo the last action.
Ctrl+r  redo the last undo.
/<keyword>  search for a word forward from the cursor position
?<keyword>  search for a word backward from the cursor position
n  next occurrence.
N  previous occurrence.
:%s/\<cat\>/dog/gi
search for every occurrence of the word "cat" and replace it with "dog" in all lines,
regardless of case, but only if it's a full word, and not in something like "catalog".

g enables replacing more than one occurrence of the pattern per line, and i makes the
current search case-insensitive.
% applies it to all the lines in the current document (search and replace normally only works
on the current line).
In the vi editor, the space is not a special character.
Commands in INSERT mode
Home  go to the start of the line.
End  go to the end of the line.
Ctrl+w  delete back to the nearest space.

At the bottom right, you will see the current cursor position (line,character) and what part of
the file is being displayed (All for all, Top for the first lines of a file, Bot for the bottom of a
file, or a percentage to indicate where in the file you are). The bottom line is called the Ruler
in vim terms.

--------------------------------------------------------------------------------------------------

Commands in Visual mode
To enter/exit visual mode, v, V or Ctrl-v is used.
In Vim, copy and paste is known as yank and put, using the command characters y and p.
Begin by positioning the cursor on the first character to be selected, then enter visual mode.
Use the arrow keys to expand the visual selection. When ready, press y to yank the selection
into memory.
Position the cursor at the new location, then press p to put the selection at the cursor.

1.2 Grep and regular expressions
- Description: Search for a keyword in a file.
[root@orange mount]# ll | grep mina
-rw-r--r--. 1 root root 0 Jan 11 15:53 mina
[root@orange mount]# ll | grep -i mina
-rw-r--r--. 1 root root 0 Jan 11 15:53 mina
-rw-r--r--. 1 root root 0 Jan 11 15:53 Mina
[root@orange mount]#
1.2.1 grep options
[root@localhost ~]# cat test
Mina
mina
cat
dog
catajfgAJKGFajskfgjGSAFJafjagsjkfa
asjfAGDFJKAGFJAGSJKGSADFJKGASFJKGASFJKCAT
KJSAGDFVJKagfjkAGFJgfjkacat

[root@localhost ~]# grep mina test
mina
[root@localhost ~]# grep -i mina test
Mina
mina

[root@localhost ~]# grep -ie mina -e cat -e dog test
Mina
mina
cat
dog
catajfgAJKGFajskfgjGSAFJafjagsjkfa
asjfAGDFJKAGFJAGSJKGSADFJKGASFJKGASFJKCAT
KJSAGDFVJKagfjkAGFJgfjkacat
[root@localhost ~]# grep -e mina -e cat -e dog test
mina
cat
dog
catajfgAJKGFajskfgjGSAFJafjagsjkfa
KJSAGDFVJKagfjkAGFJgfjkacat

[root@localhost ~]# grep -E "vmx|svm|nx" /proc/cpuinfo
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb
rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable
nonstop_tsc eagerfpu pni pclmulqdq vm ssse3 fma cx16 pcid sse4_1
sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c
rdrand hypervisor lahf_lm abm 3dnowprefetch arat xsaveopt tpr_shadow
vnmi ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 invpcid
rtm rdseed adx smap
[root@localhost ~]# grep dog test
dog
[root@localhost ~]# grep -A 1 -B 2 dog test
mina

cat
dog
catajfgAJKGFajskfgjGSAFJafjagsjkfa

[root@localhost ~]# grep ^cat test
cat
catajfgAJKGFajskfgjGSAFJafjagsjkfa
[root@localhost ~]# grep cat$ test
KJSAGDFVJKagfjkAGFJgfjkacat

[root@localhost ~]# grep '^cat$' test
cat

[root@localhost ~]# cat test
Mina
mina
cat
dog
catajfgAJKGFajskfgjGSAFJafjagsjkfa
asjfAGDFJKAGFJAGSJKGSADFJKGASFJKGASFJKCAT
KJSAGDFVJKagfjkAGFJgfjkacat
coat
cold
ct
cot
cut

[root@localhost ~]# grep c[aou]t test
cat
catajfgAJKGFajskfgjGSAFJafjagsjkfa
KJSAGDFVJKagfjkAGFJgfjkacat
cot
cut
[root@localhost ~]# grep c.t test
cat
catajfgAJKGFajskfgjGSAFJafjagsjkfa
KJSAGDFVJKagfjkAGFJgfjkacat
cot
cut

[root@localhost ~]# grep r.*t /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin

unbound:x:998:996:Unbound DNS
resolver:/etc/unbound:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-
autoipd:/sbin/nologin
saslauth:x:996:76:"Saslauthd user":/run/saslauthd:/sbin/nologin
libstoragemgmt:x:995:994:daemon account for
libstoragemgmt:/var/run/lsm:/sbin/nologin
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
gnome-initial-setup:x:993:991::/run/gnome-initial-
setup/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin

[root@localhost ~]# grep "c.\{2\}t" test
coat
[root@localhost ~]# grep 'c.\{2\}t' test
coat
[root@localhost ~]#

[root@localhost ~]# ll
total 8
-rw-------. 1 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 144 Apr 11 22:33 test
[root@localhost ~]# mkdir dir
[root@localhost ~]# cp test dir
[root@localhost ~]# grep c.t .
grep: .: Is a directory
[root@localhost ~]# grep c.t *
anaconda-ks.cfg:bootloader --location=mbr --boot-drive=sda
grep: dir: Is a directory
test:cat
test:catajfgAJKGFajskfgjGSAFJafjagsjkfa
test:KJSAGDFVJKagfjkAGFJgfjkacat
test:cot
test:cut
[root@localhost ~]# grep -r c.t *
anaconda-ks.cfg:bootloader --location=mbr --boot-drive=sda
dir/test:cat
dir/test:catajfgAJKGFajskfgjGSAFJafjagsjkfa
dir/test:KJSAGDFVJKagfjkAGFJgfjkacat
dir/test:cot
dir/test:cut
test:cat
test:catajfgAJKGFajskfgjGSAFJafjagsjkfa
test:KJSAGDFVJKagfjkAGFJgfjkacat
test:cot
test:cut
[root@localhost ~]#

1.2.2 File Globbing

ls a*  list all files starting with a
ls *a*  list files with a in their names.
ls [ac]*  list files starting with a or c
ls ????  list files whose names are composed of 4 characters.
ls ?????  list files whose names are composed of 5 characters.
ls ~/dir  list the contents of the directory named "dir" under the home directory.
echo {Sunday,Monday,Tuesday,Wednesday}.log
Sunday.log Monday.log Tuesday.log Wednesday.log
echo file{1..3}.txt
file1.txt file2.txt file3.txt
echo file{a..c}.txt
echo file{a,b}{1,2}.txt
echo file{a{1,2},b,c}.txt
echo Today is $(date +%A).
echo The time is $(date +%M) minutes past $(date +%l %p).
host=$(hostname); echo $host
echo "*****hostname is ${host}******"
echo '*****hostname is ${host}******'
echo Your username variable is \$USER.
1.2.3 For more info.
Check these commands:
- zgrep
- exec
- pgrep

Archiving & zipping
Zipping
Gzip, Bzip2 and XZ are all popular compression tools used on Linux operating systems.
xz takes a lot more time, while bzip2 only takes a little longer than gzip and compresses a
fair amount better; the difference between bzip2 and xz is less than the difference
between bzip2 and gzip, making bzip2 a good trade-off for compression.
[root@localhost ~]# ll
total 8
-rw-------. 2 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 3012 Apr 12 01:38 test
gzip
[root@localhost ~]# gzip test  compress test file using gzip
[root@localhost ~]# ll
total 8
-rw-------. 2 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 1038 Apr 12 01:38 test.gz
gunzip
[root@localhost ~]# gunzip test.gz
[root@localhost ~]# ll
total 8
-rw-------. 2 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 3012 Apr 12 01:38 test
bzip2
[root@localhost ~]# bzip2 test  compress test file using bzip2
[root@localhost ~]# ll
total 8
-rw-------. 2 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 1077 Apr 12 01:38 test.bz2
[root@localhost ~]# bunzip2 test.bz2
[root@localhost ~]# ll
total 8
-rw-------. 2 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 3012 Apr 12 01:38 test
xz
[root@localhost ~]# xz test  compress test file using xz
[root@localhost ~]# ll
total 8
-rw-------. 2 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 1096 Apr 12 01:38 test.xz
unxz
[root@localhost ~]# unxz test.xz
[root@localhost ~]# ll
total 8
-rw-------. 2 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 3012 Apr 12 01:38 test
[root@localhost ~]#

Archiving
An archive is a single file that contains any number of individual files plus information to
allow them to be restored to their original form by one or more extraction programs.
Archives are convenient for storing files.
[root@localhost ~]# ll
total 8
-rw-------. 2 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 0 Apr 12 05:12 file1
-rw-r--r--. 1 root root 0 Apr 12 05:12 file2
-rw-r--r--. 1 root root 0 Apr 12 05:12 file3
-rw-r--r--. 1 root root 0 Apr 12 05:12 file4
-rw-r--r--. 1 root root 0 Apr 12 05:12 file5
-rw-r--r--. 1 root root 3012 Apr 12 01:38 test
drwxr-xr-x. 2 root root 6 Apr 12 05:12 TEST
[root@localhost ~]# xz TEST  compressing used for files only (not
directories)
xz: TEST: Is a directory, skipping
tar cvf
[root@localhost ~]# tar cvf TEST.tar TEST file1 file2 file3
TEST/
file1
file2
file3

in this command we put these files (file1, file2, file3)and this


directory (TEST) into a single archive file called (TEST.tar).
command options:
c  create
v  verbose, to show me the archiving progress while the command is
running.
f  tells tar to create an archive file, u should put the archive
file name directly after f option.

[root@localhost ~]# ll
total 20
-rw-------. 2 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 0 Apr 12 05:12 file1
-rw-r--r--. 1 root root 0 Apr 12 05:12 file2
-rw-r--r--. 1 root root 0 Apr 12 05:12 file3
-rw-r--r--. 1 root root 0 Apr 12 05:12 file4
-rw-r--r--. 1 root root 0 Apr 12 05:12 file5
-rw-r--r--. 1 root root 3012 Apr 12 01:38 test
drwxr-xr-x. 2 root root 6 Apr 12 05:12 TEST
-rw-r--r--. 1 root root 10240 Apr 12 05:13 TEST.tar
tar xf
[root@localhost ~]# tar xf TEST.tar
[root@localhost ~]# ll
total 20
-rw-------. 2 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 0 Apr 12 05:12 file1
-rw-r--r--. 1 root root 0 Apr 12 05:12 file2

-rw-r--r--. 1 root root 0 Apr 12 05:12 file3
-rw-r--r--. 1 root root 0 Apr 12 05:12 file4
-rw-r--r--. 1 root root 0 Apr 12 05:12 file5
-rw-r--r--. 1 root root 3012 Apr 12 01:38 test
drwxr-xr-x. 2 root root 6 Apr 12 05:12 TEST
-rw-r--r--. 1 root root 10240 Apr 12 05:13 TEST.tar

This command extracts the tar file. Take care: you need to extract the file in a new directory,
as if there is an existing file in the directory with the same name as a file in the tar, tar will
overwrite the existing file.
tar tf
[root@localhost ~]# tar tf TEST.tar
TEST/
file1
file2
file3

This command show the tar contents without extracting it.

Create compressed tar
[root@localhost ~]# tar czf TEST.tar TEST test file1
[root@localhost ~]# ll
total 12
-rw-------. 2 root root 2777 Apr 3 15:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 0 Apr 12 05:12 file1
-rw-r--r--. 1 root root 0 Apr 12 05:12 file2
-rw-r--r--. 1 root root 0 Apr 12 05:12 file3
-rw-r--r--. 1 root root 0 Apr 12 05:12 file4
-rw-r--r--. 1 root root 0 Apr 12 05:12 file5
-rw-r--r--. 1 root root 3012 Apr 12 01:38 test
drwxr-xr-x. 2 root root 6 Apr 12 05:12 TEST
-rw-r--r--. 1 root root 1193 Apr 12 05:21 TEST.tar
[root@localhost ~]#

[root@serverx -]$ tar czf /root/etcbackup.tar.gz /etc → Create a gzip-compressed (z option) tar archive /root/etcbackup.tar.gz of the /etc directory on server.
[root@serverx -]$ tar cjf /root/logbackup.tar.bz2 /var/log → Create a bzip2-compressed (j option) tar archive /root/logbackup.tar.bz2 of the /var/log directory on server.
[root@serverx -]$ tar cJf /root/logbackup.tar.xz /var/log → Create an xz-compressed (J option) tar archive /root/logbackup.tar.xz of the /var/log directory on server.
Extract compressed tar
[root@serverX etcbackup]$ tar xzf /root/etcbackup.tar.gz → extract a gzip-compressed archive (z option)
[root@serverX etcbackup]$ tar xjf /root/etcbackup.tar.bz2 → extract a bzip2-compressed archive (j option)
[root@serverX etcbackup]$ tar xJf /root/etcbackup.tar.xz → extract an xz-compressed archive (J option)
NB: To successfully extract the archive, it is usually not necessary to use the same compression option that was used when creating it, as the tar command will determine which compression was used. It is still valid to add the decompression option to the tar options.

[root@host -]# tar cf /root/etc.tar /etc


tar: Removing leading '/' from member names
[root@host -]#
NB: For tar to be able to archive the selected files, it is mandatory that the user executing
the tar command is able to read the file(s). An unprivileged user could create an archive of
the /etc folder, but the archive would omit files which do not include read permission for the
user and it would omit directories which do not include both read and execute permission
for the user.
NB: While tar stores ownership and permissions of the files, there are other attributes that
are not stored in the tar archive by default, such as the SELinux context and ACLs. To store
those extended attributes in the tar archive, the --xattrs option is required when creating an
archive.
- Extract the archive /root/etc.tar to the /root/etcbackup directory:
[root@host ~]# mkdir /root/etcbackup
[root@host ~]# cd /root/etcbackup
[root@host etcbackup]# tar xf /root/etc.tar → extract the tar file (x → extract, f → filename).
NB: A tar archive should normally be extracted in an empty directory to ensure it does not
overwrite any existing files. If files are extracted by root, tar attempts to preserve the
original user and group ownership of the files. If a regular user extracts files using tar, the
extracted files are owned by that user.
[root@host ~]# mkdir /root/scripts
[root@host ~]# cd /root/scripts
[root@host scripts]# tar xpf /root/myscripts.tar → x → extract, p → preserve permissions, f → filename
NB: By default, when files are extracted from an archive, the umask is subtracted from the permissions of the archive content. This is a security measure and prevents extracted regular files from receiving execute permissions by default. To preserve the permissions of an archived file, use the p option when extracting the archive.
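The script below is an added example, not part of the course notes: it exercises the tar behaviours described above inside a throw-away directory that it creates and removes itself. It shows tf listing, the umask being subtracted from archived modes unless p is given, and the leading '/' being stripped from absolute member names. The source tree (src/run.sh, src/notes.txt) and its file modes are constructed for the demonstration.

```shell
#!/bin/bash
# Added example, not part of the course notes. Exercises the tar behaviours
# described above in a throw-away directory: tf listing, umask versus -p on
# extraction, and the leading '/' stripped from absolute member names.
# The source tree (src/run.sh, src/notes.txt) and its modes are constructed.

# Build the constructed tree under $1 and archive it as $1/src.tar.gz (z option).
make_tree_and_archive() {
    mkdir -p "$1/src" || return 1
    printf 'echo hi\n' > "$1/src/run.sh"
    chmod 755 "$1/src/run.sh"        # executable script
    echo data > "$1/src/notes.txt"
    chmod 600 "$1/src/notes.txt"     # private file
    ( cd "$1" && tar czf src.tar.gz src )
}

# tar tf: list the members without extracting them (sorted for a stable result).
tar_list_members() {
    local w; w=$(mktemp -d) || return 1
    make_tree_and_archive "$w" || return 1
    ( cd "$w" && tar tzf src.tar.gz | LC_ALL=C sort | tr '\n' ' ' | sed 's/ $//' )
    rm -rf "$w"
}

# Extract as an ordinary user does by default (--no-same-permissions is spelled
# out so the result is the same when run as root): the umask is subtracted from
# the archived mode, so 755 under umask 077 becomes 700.
mode_without_p() {
    local w; w=$(mktemp -d) || return 1
    make_tree_and_archive "$w" || return 1
    mkdir "$w/out" && ( cd "$w/out" && umask 077 && tar --no-same-permissions -xzf ../src.tar.gz )
    stat -c '%a' "$w/out/src/run.sh"
    rm -rf "$w"
}

# Extract with -p (--preserve-permissions): the archived 755 survives the umask.
mode_with_p() {
    local w; w=$(mktemp -d) || return 1
    make_tree_and_archive "$w" || return 1
    mkdir "$w/out" && ( cd "$w/out" && umask 077 && tar xpzf ../src.tar.gz )
    stat -c '%a' "$w/out/src/run.sh"
    rm -rf "$w"
}

# Archive an absolute path: tar warns "Removing leading '/'" (silenced here) and
# stores relative member names, so a later extraction lands under the current
# directory rather than back over the original location.
member_name_kind() {
    local w first; w=$(mktemp -d) || return 1
    make_tree_and_archive "$w" || return 1
    tar cf "$w/abs.tar" "$w/src" 2>/dev/null
    first=$(tar tf "$w/abs.tar" | head -n 1)
    case $first in /*) echo absolute ;; *) echo relative ;; esac
    rm -rf "$w"
}

# Stand-alone run: print each result.
main() {
    echo "members:     $(tar_list_members)"
    echo "no -p:       $(mode_without_p)"
    echo "with -p:     $(mode_with_p)"
    echo "member name: $(member_name_kind)"
}
main
```

The two extraction functions differ only in the permission flag, which is the whole point: with the same umask of 077 the script comes back as 700 in one case and 755 in the other. The last function is why the "Removing leading '/'" message is a feature rather than a warning to suppress.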
1.3 Network
The combination of the service port, protocol and IP address forms a socket.
Each packet has a source socket and a destination socket.
ip a
Description: show the interfaces of the server, as well as their ip configuration.

[root@localhost Desktop]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever

2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 00:0c:29:25:22:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.188.134/24 brd 192.168.188.255 scope global dynamic ens33
valid_lft 5436813sec preferred_lft 5436813sec
inet6 fe80::20c:29ff:fe25:22a1/64 scope link
valid_lft forever preferred_lft forever

[root@localhost Desktop]# ip addr show ens33


2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen
1000
link/ether 00:0c:29:25:22:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.188.134/24 brd 192.168.188.255 scope global dynamic ens33
valid_lft 5436734sec preferred_lft 5436734sec
inet6 fe80::20c:29ff:fe25:22a1/64 scope link
valid_lft forever preferred_lft forever

ip -s link show
Description: Show statistics for network performance.

[root@localhost Desktop]# ip -s link show ens33


2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode
DEFAULT qlen 1000
link/ether 00:0c:29:25:22:a1 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
868834674 720533 0 0 0 0
TX: bytes packets errors dropped carrier collsns
13941758 226716 0 0 0 0

ip route
Description: Show the local routing table on the server

[root@localhost Desktop]# ip route


default via 192.168.188.2 dev ens33 proto static metric 1024
192.168.188.0/24 dev ens33 proto kernel scope link src 192.168.188.134
[root@localhost Desktop]#

ifconfig
Description: This command is similar to ip a; it is the command that was used on Red Hat 6.
[root@orange ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.10 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:fe9d:7006 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:9d:70:06 txqueuelen 1000 (Ethernet)
RX packets 135 bytes 15248 (14.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 170 bytes 16731 (16.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.172.99 netmask 255.255.255.0 broadcast 192.168.172.255
inet6 fe80::a00:27ff:feca:23f8 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:ca:23:f8 txqueuelen 1000 (Ethernet)
RX packets 389 bytes 54817 (53.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 270 bytes 52897 (51.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536


inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 4 bytes 248 (248.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4 bytes 248 (248.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500


inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether d6:cf:f0:0c:30:9d txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@orange ~]#
--------------------------------------------------------------------------------------------------
ethtool
Description: Show the configuration of any port

[root@localhost Desktop]# ethtool eno16777736


Settings for eno16777736:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
MDI-X: off (auto)
Supports Wake-on: d
Wake-on: d
Current message level: 0x00000007 (7)

drv probe link
Link detected: yes
[root@localhost Desktop]#
ss/netstat
Description: Show the open ports on the server as well as the opened connections

[root@localhost Desktop]# ss -at


State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:smtp *:*
LISTEN 0 50 *:microsoft-ds *:*
LISTEN 0 64 *:nfs *:*
LISTEN 0 50 *:netbios-ssn *:*
LISTEN 0 64 *:37903 *:*
LISTEN 0 128 *:sunrpc *:*
LISTEN 0 128 *:mountd *:*
LISTEN 0 128 *:60883 *:*
LISTEN 0 128 *:ssh *:*
[root@localhost Desktop]# ss -at | grep ssh
LISTEN 0 128 *:ssh *:*
ESTAB 0 0 192.168.188.134:ssh 192.168.188.133:44816

netstat command is similar to ss command.

[root@localhost Desktop]# netstat


Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.188.134:ssh 192.168.188.133:44816 FIN_WAIT2
……..

Options for ss/netstat:


-n, --numeric don't resolve service names
-t, --tcp display only TCP sockets
-u, --udp display only UDP sockets
-p, --processes show process using socket
-a, --all display all sockets
-l, --listening display listening sockets

/etc/services
A list of well-known and registered ports can be found in the /etc/services file.

[root@localhost Desktop]# tail /etc/services


3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
blp5 48129/tcp # Bloomberg locator
blp5 48129/udp # Bloomberg locator
com-bardac-dw 48556/tcp # com-bardac-dw
com-bardac-dw 48556/udp # com-bardac-dw
iqobject 48619/tcp # iqobject
iqobject 48619/udp # iqobject
matahari 49000/tcp # Matahari Broker
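The following script is an added example, not from the course notes. It puts the ss options and the /etc/services layout described above to defensive use: it reads a constructed `ss -tln` listing, reports every listener reachable from the network (anything not bound to loopback) whose port is not on an allow-list, and names each reported port from a constructed table in /etc/services format. Both inputs are embedded samples; on a real host you would feed it `ss -tln` and /etc/services instead.

```shell
#!/bin/bash
# Added example, not part of the course notes. Reads constructed `ss -tln`
# output, flags listeners reachable from the network that are not on an
# allow-list, and names each flagged port from a table in /etc/services format.
# Both inputs are constructed samples embedded below.

# Constructed excerpt laid out like /etc/services: name, port/protocol, aliases, comment.
SERVICES_SAMPLE='# constructed sample in /etc/services layout
ssh             22/tcp
smtp            25/tcp          mail
http            80/tcp          www             # WorldWideWeb HTTP
sunrpc          111/tcp         portmapper      # RPC 4.0 portmapper
microsoft-ds    445/tcp
nfs             2049/tcp        # Network File System'

# Constructed `ss -tln` output (numeric ports, TCP, listening sockets only).
SS_SAMPLE='State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    *:22                 *:*
LISTEN     0      100    127.0.0.1:25         *:*
LISTEN     0      128    *:111                *:*
LISTEN     0      50     *:445                *:*
LISTEN     0      64     *:2049               *:*
LISTEN     0      128    :::22                :::*'

# service_name PORT PROTO -> service name for PORT/PROTO, or "unknown".
service_name() {
    printf '%s\n' "$SERVICES_SAMPLE" | awk -v key="$1/$2" '
        /^#/ || NF < 2 { next }                 # skip comments and blank lines
        $2 == key      { print $1; found = 1; exit }
        END            { if (!found) print "unknown" }'
}

# unexpected_listeners "PORT PORT ..." -> "port service" lines for every TCP
# listener bound to a non-loopback address whose port is not in the allow-list.
unexpected_listeners() {
    local allow=" $1 " addr host port
    printf '%s\n' "$SS_SAMPLE" | awk 'NR > 1 && $1 == "LISTEN" { print $4 }' |
    while read -r addr; do
        port=${addr##*:}                        # text after the last ':'
        host=${addr%:*}                         # text before the last ':'
        case $host in 127.*|::1) continue ;; esac   # loopback-only: not exposed
        case $allow in *" $port "*) continue ;; esac
        printf '%s %s\n' "$port" "$(service_name "$port" tcp)"
    done | sort -un                              # one line per port, numeric order
}

# Stand-alone run: a host that is only supposed to expose SSH.
main() {
    echo "Listeners not on the allow-list (22):"
    unexpected_listeners "22"
}
main
```

With the sample input and an allow-list of just port 22, the loopback-only SMTP listener is ignored and the report names sunrpc, microsoft-ds and nfs as the exposed services to justify or close; the duplicate IPv4/IPv6 entries for port 22 collapse to one line.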

nmap
Description: check whether a specific port is open on a remote server.

[root@localhost Desktop]# nmap -p 22 192.168.188.133

Starting Nmap 6.40 ( http://nmap.org ) at 2019-04-19 03:09 PDT


Nmap scan report for 192.168.188.133
Host is up (0.00057s latency).
PORT STATE SERVICE
22/tcp open ssh

MAC Address: 00:0C:29:C1:70:B5 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.54 seconds


[root@localhost Desktop]#

traceroute
Description: check the route between 2 servers.

[root@localhost Desktop]# traceroute 192.168.188.133


traceroute to 192.168.188.133 (192.168.188.133), 30 hops max, 60 byte
packets
1 192.168.188.133 (192.168.188.133) 0.611 ms 0.362 ms 0.386 ms

tracepath access.redhat.com → uses UDP packets to test.
traceroute -I/-T access.redhat.com → UDP is the default; -I uses ICMP and -T uses TCP.

Each line in the output of tracepath represents a router or hop that the packet passes through between the source and the final destination. Additional information is provided as available, including the round-trip time (RTT) and any changes in the maximum transmission unit (MTU) size. For each hop there are three RTT values (by default traceroute sends 3 probe packets to test each hop).

ping
[root@localhost Desktop]# ping -c3 192.168.188.133
PING 192.168.188.133 (192.168.188.133) 56(84) bytes of data.
64 bytes from 192.168.188.133: icmp_seq=1 ttl=64 time=0.439 ms
64 bytes from 192.168.188.133: icmp_seq=2 ttl=64 time=1.03 ms
64 bytes from 192.168.188.133: icmp_seq=3 ttl=64 time=1.10 ms

--- 192.168.188.133 ping statistics ---


3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 0.439/0.860/1.104/0.300 ms

The -c option defines the number of packets that the ping command will send; if it is not specified, ping continues to send packets until you stop it with Ctrl+C.

nmcli
A device is a network interface.
A connection is a configuration used for a device which is made up of a collection of
settings.
Multiple connections may exist for a device, but only one may be active at
a time.

con show
[root@localhost Desktop]# nmcli conn show → List all the connections on the system.

NAME UUID TYPE DEVICE


Auto Ethernet 8b5aeac2-ec8d-4225-9aad-e94a3d7afb54 802-3-ethernet ens33
eno16777736 c563813d-d308-4988-9891-3c2556c4d60f 802-3-ethernet --

[root@localhost Desktop]# nmcli conn show --active → Show just the active connections (those applied to a network interface).

NAME UUID TYPE DEVICE


Auto Ethernet 8b5aeac2-ec8d-4225-9aad-e94a3d7afb54 802-3-ethernet ens33

[root@localhost Desktop]# nmcli conn show "Auto Ethernet" | grep IP → Show the details of a specific connection.

IP4.ADDRESS[1]: ip = 192.168.188.134/24, gw =
192.168.188.2
IP4.DNS[1]: 192.168.188.2
IP4.DOMAIN[1]: localdomain
IP6.ADDRESS[1]: ip = fe80::20c:29ff:fe25:22a1/64,
gw = ::
[root@localhost Desktop]#

con add
Add a new connection.
[root@localhost Desktop]# nmcli con show
NAME UUID TYPE DEVICE
Auto Ethernet 8b5aeac2-ec8d-4225-9aad-e94a3d7afb54 802-3-ethernet ens33
eno16777736 c563813d-d308-4988-9891-3c2556c4d60f 802-3-ethernet --

[root@localhost Desktop]# nmcli conn add con-name "Test" type ethernet ifname ens33 → Add a new connection called Test and attach it to the interface called ens33.
Connection 'Test' (58b5756e-91c2-457b-ac9e-f51899a57784) successfully added.

[root@localhost Desktop]# nmcli con show


NAME UUID TYPE DEVICE
Test 58b5756e-91c2-457b-ac9e-f51899a57784 802-3-ethernet --
Auto Ethernet 8b5aeac2-ec8d-4225-9aad-e94a3d7afb54 802-3-ethernet ens33
eno16777736 c563813d-d308-4988-9891-3c2556c4d60f 802-3-ethernet --

con up/down
This command brings the connection up/down.

[root@localhost Desktop]# nmcli conn down Test


[root@localhost Desktop]# nmcli con show
NAME UUID TYPE DEVICE
Test 58b5756e-91c2-457b-ac9e-f51899a57784 802-3-ethernet --
Auto Ethernet 8b5aeac2-ec8d-4225-9aad-e94a3d7afb54 802-3-ethernet ens33
eno16777736 c563813d-d308-4988-9891-3c2556c4d60f 802-3-ethernet --
[root@localhost Desktop]# nmcli con up Test
Connection successfully activated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/11)
[root@localhost Desktop]# nmcli con show
NAME UUID TYPE DEVICE
Test 58b5756e-91c2-457b-ac9e-f51899a57784 802-3-ethernet ens33
Auto Ethernet 8b5aeac2-ec8d-4225-9aad-e94a3d7afb54 802-3-ethernet --
eno16777736 c563813d-d308-4988-9891-3c2556c4d60f 802-3-ethernet --

As you can see, the interface ens33 was connected to the connection named "Auto Ethernet". Once we bring up the connection Test, which is associated with the same interface ens33, the interface disconnects from "Auto Ethernet" and connects to Test.
This is because there can be only one active connection on any interface at any time.

con mod
This command modifies any connection.
[root@localhost Desktop]# nmcli conn mod "Auto Ethernet" +ipv4.addresses
"192.168.188.135/24"
This command will add additional IP address to the connection.

[root@localhost Desktop]# nmcli conn show "Auto Ethernet" | grep IP
IP4.ADDRESS[1]: ip = 192.168.188.134/24, gw = 192.168.188.2
IP4.DNS[1]: 192.168.188.2
IP4.DOMAIN[1]: localdomain
IP6.ADDRESS[1]: ip = fe80::20c:29ff:fe25:22a1/64, gw = ::

As you can see, the IP we just added does not appear on the connection yet. For the change to take effect, we need to restart the connection (bring it down, then up).
[root@localhost Desktop]# nmcli conn down "Auto Ethernet"
[root@localhost Desktop]# nmcli conn up "Auto Ethernet"
Connection successfully activated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/9)
[root@localhost Desktop]# nmcli conn show "Auto Ethernet" | grep IP
IP4.ADDRESS[1]: ip = 192.168.188.134/24, gw =
192.168.188.2
IP4.ADDRESS[2]: ip = 192.168.188.135/24, gw =
192.168.188.2
IP4.DNS[1]: 192.168.188.2
IP4.DOMAIN[1]: localdomain
IP6.ADDRESS[1]: ip = fe80::20c:29ff:fe25:22a1/64,
gw = ::

As you can see, we now have 2 IPs on this connection: the old one that was already configured and the new one we just added.

[root@localhost Desktop]# nmcli conn mod "Auto Ethernet" connection.autoconnect yes
The autoconnect option makes the connection come up automatically at boot time or after a reboot.

dev status
Show the available devices and their associated connections.

[root@localhost Desktop]# nmcli dev status


DEVICE TYPE STATE CONNECTION
ens33 ethernet connected Auto Ethernet
lo loopback unmanaged --

dev show
Show details of a specific device “network interface”
[root@localhost Desktop]# nmcli dev show ens33

GENERAL.DEVICE: ens33
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:25:22:A1
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: Auto Ethernet
GENERAL.CON-PATH:
/org/freedesktop/NetworkManager/ActiveConnection/6
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: ip = 192.168.188.134/24, gw =
192.168.188.2
IP4.DNS[1]: 192.168.188.2
IP4.DOMAIN[1]: localdomain
IP6.ADDRESS[1]: ip = fe80::20c:29ff:fe25:22a1/64,
gw = ::
[root@localhost Desktop]#

dev dis
This command disconnects the device from its connection.
[root@localhost Desktop]# nmcli con show
NAME UUID TYPE DEVICE
Test 58b5756e-91c2-457b-ac9e-f51899a57784 802-3-ethernet ens33
Auto Ethernet 8b5aeac2-ec8d-4225-9aad-e94a3d7afb54 802-3-ethernet --
eno16777736 c563813d-d308-4988-9891-3c2556c4d60f 802-3-ethernet --
[root@localhost Desktop]# nmcli dev dis ens33
[root@localhost Desktop]# nmcli con show
NAME UUID TYPE DEVICE
Test 58b5756e-91c2-457b-ac9e-f51899a57784 802-3-ethernet --
Auto Ethernet 8b5aeac2-ec8d-4225-9aad-e94a3d7afb54 802-3-ethernet --
eno16777736 c563813d-d308-4988-9891-3c2556c4d60f 802-3-ethernet --
[root@localhost Desktop]#

nmtui
NETWORK CONFIGURATION USING A TEXT USER INTERFACE (NMTUI)
This tool is an alternative to nmcli.
/etc/sysconfig/network-scripts/ifcfg-<name>
The connection configuration files are saved in the /etc/sysconfig/network-scripts directory.

In the static settings, variables for IP address, prefix, and gateway have a number at the
end. This allows multiple sets of values to be assigned to the interface. The DNS variable
also has a number which is used to specify the order of look up when multiple servers are
specified.
nmcli con reload
nmcli con down "System eth0"
nmcli con up "System eth0"
After changing the file, we need network manager to reload the configuration files, then we
need to restart the interface.
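As an added example (not from the course notes), the script below writes a static profile in the numbered-variable layout described above and then lints a profile for the mistakes that quietly break things: a missing PREFIXn for an IPADDRn, ONBOOT not set, and DNS1 on a DHCP profile without PEERDNS=no (the setting the notes mention for DHCP-managed /etc/resolv.conf). The key names are the RHEL 7 network-scripts keys; the interface name and the addresses are constructed, and the file is written to a temporary path rather than to /etc/sysconfig/network-scripts.

```shell
#!/bin/bash
# Added example, not part of the course notes. Writes a static ifcfg profile in
# the numbered-variable layout described above and lints a profile for the
# mistakes that quietly break name resolution or boot-time networking.
# The key names are the RHEL 7 network-scripts keys; interface names and
# addresses below are constructed.

# write_static_ifcfg FILE IFNAME GATEWAY DNS ADDR/PREFIX [ADDR/PREFIX ...]
# Each address gets its own IPADDRn/PREFIXn pair, numbered from 0.
write_static_ifcfg() {
    local file=$1 ifname=$2 gw=$3 dns=$4 n=0 cidr
    shift 4
    {
        printf 'TYPE=Ethernet\nDEVICE=%s\nNAME=%s\n' "$ifname" "$ifname"
        printf 'BOOTPROTO=none\nONBOOT=yes\n'
        for cidr in "$@"; do
            printf 'IPADDR%d=%s\nPREFIX%d=%s\n' "$n" "${cidr%/*}" "$n" "${cidr#*/}"
            n=$((n + 1))
        done
        printf 'GATEWAY0=%s\nDNS1=%s\n' "$gw" "$dns"
    } > "$file"
}

# ifcfg_value FILE KEY -> value of KEY (last assignment wins, as when sourced).
ifcfg_value() {
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# lint_ifcfg FILE -> one finding per line; prints nothing for a clean profile.
lint_ifcfg() {
    local file=$1 key n
    [ "$(ifcfg_value "$file" ONBOOT)" = yes ] ||
        echo "ONBOOT is not yes: the profile will not come up at boot"
    # every IPADDRn needs a PREFIXn, otherwise the intended netmask is not applied
    for key in $(awk -F= '/^IPADDR[0-9]+=/ { print $1 }' "$file"); do
        n=${key#IPADDR}
        grep -q "^PREFIX$n=" "$file" || echo "$key has no PREFIX$n"
    done
    # DHCP-supplied DNS overwrites /etc/resolv.conf unless PEERDNS=no
    if [ "$(ifcfg_value "$file" BOOTPROTO)" = dhcp ] &&
       [ -n "$(ifcfg_value "$file" DNS1)" ] &&
       [ "$(ifcfg_value "$file" PEERDNS)" != no ]; then
        echo "DNS1 is set on a dhcp profile without PEERDNS=no: it will be overwritten"
    fi
}

# Stand-alone run: write a two-address profile to a temporary file and lint it.
main() {
    local f; f=$(mktemp) || return 1
    write_static_ifcfg "$f" ens33 192.168.188.2 192.168.188.2 192.168.188.134/24 192.168.188.135/24
    cat "$f"
    echo "lint: $(lint_ifcfg "$f" | wc -l) finding(s)"
    rm -f "$f"
}
main
```

After writing such a file for real, the notes' sequence still applies: `nmcli con reload` so NetworkManager re-reads the file, then bring the connection down and up.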
hostnamectl
hostname → list the server name.
hostnamectl set-hostname <XXXXXXXX> → change the server name.
This command modifies the /etc/hostname file.
hostnamectl status → with this you can check whether the host is a physical machine or a VM.

/etc/hosts
This file is the local DNS of the server. If a name cannot be resolved using this file, the server asks the DNS server configured in /etc/resolv.conf.

/etc/resolv.conf
This file lists the IPs of the DNS servers that the server will query if it fails to resolve a name using the /etc/hosts file.
cat /etc/resolv.conf
nameserver <IP> → up to 3 servers for redundancy.
search example.com
# domain example.com
Note: the DNS servers can be set either with nmcli or by editing the network-scripts file.
nmcli con mod ID ipv4.dns IP
nmcli con down ID
nmcli con up ID
or
cat /etc/sysconfig/network-scripts/ifcfg-ID
NetworkManager will update the /etc/resolv.conf file using the DNS settings in the connection configuration files.

If DHCP is in use, /etc/resolv.conf is automatically rewritten as interfaces are started, unless you specify PEERDNS=no in the relevant interface configuration file. The same change can be made with nmcli:
nmcli con mod "System eth0" ipv4.ignore-auto-dns yes

chronyd
The chronyd service keeps the usually inaccurate local hardware clock (RTC) on track by synchronizing it to the configured NTP servers or, if no network connectivity is available, to the calculated RTC clock drift, which is recorded in the driftfile specified in the /etc/chrony.conf configuration file.
By default, chronyd uses servers from the NTP Pool Project for the time synchronization
and does not need additional configuration. It may be useful to change the NTP servers
when the machine in question is on an isolated network.
The quality of an NTP time source is determined by the stratum value reported by the time source. The stratum is the number of hops the machine is away from a high-performance reference clock. The reference clock is a stratum 0 time source. An NTP server directly attached to it is stratum 1, while a machine synchronizing time from that NTP server is a stratum 2 time source.
There are two categories of time sources that can be configured in the /etc/chrony.conf configuration file, server and peer. A server is one stratum above the local NTP server, and a peer is at the same stratum level. More than one server and more than one peer can be specified, one per line.
The first argument of the server line is the IP address or DNS name of the NTP server.
Following the server IP address or name, a series of options for the server can be listed. It
is recommended to use the iburst option, because after the service starts, four
measurements are taken in a short time period for a more accurate initial clock
synchronization.
To reconfigure the chronyd server to synchronize with classroom.example.com instead of the default servers configured in /etc/chrony.conf, remove the other server entries and replace them with the following configuration file entry:
# Use public servers from the pool.ntp.org project.
server classroom.example.com iburst
systemctl restart chronyd → after pointing chronyd to the local time source, classroom.example.com, the service needs to be restarted.
chronyc sources → useful to verify that the NTP server was used to synchronize the system clock; for more verbose output with additional explanations, use chronyc sources -v.
NB: The chronyc command acts as a client to the chronyd service.

# yum install chrony
# vim /etc/chrony.conf
server classroom.example.com iburst
# systemctl restart chronyd
# chronyc sources -v --> to check the NTP servers

Firewall
The netfilter subsystem allows kernel modules to inspect every packet traversing the
system.
This means any incoming, outgoing, or forwarded network packet can be inspected,
modified, dropped, or rejected in a programmatic way, before reaching components in user
space.
The iptables and firewalld programs are used to interact with netfilter.
iptables
The iptables command is a low-level tool, and it can be challenging to correctly manage
firewalls with that tool. In addition, it only adjusts IPv4 firewall rules. Other utilities, such
as ip6tables for IPv6 and ebtables for software bridges, need to be used for more complete
firewall coverage.
firewalld
firewalld is a system daemon that can configure and monitor the system firewall rules. Applications can talk to firewalld to request ports to be opened using the DBus messaging system (a feature which can be disabled or locked down). It covers both IPv4 and IPv6, and potentially ebtables settings. firewalld is not part of a minimal system install.
firewalld simplifies firewall management by classifying all network traffic into zones. Based
on criteria such as the source IP address of a packet or the incoming network interface,
traffic is then diverted into the firewall rules for the appropriate zone. Each zone can have
its own list of ports and services to be opened or closed.
Every packet that comes into the system will first be checked for its source address. If that
source address is tied to a specific zone, the rules for that zone will be parsed. If the source
address is not tied to a zone, the zone for the incoming network interface will be used.
If the network interface is not associated with a zone for some reason, the default zone will
be used. The default zone is not a separate zone itself; it is one of the other zones. The
public zone is used by default, but this can be changed by a system administrator.
Most zones will allow traffic through the firewall which matches a list of particular ports
and protocols ( "631/udp" ) or pre-defined services ( "ssh" ).
The lo interface is treated as if it were in the trusted zone.
By default, all zones permit any incoming traffic which is part of a communication initiated
by the system, and all outgoing traffic.
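The script below is an added example, not from the course notes. It models the zone decision described in the paragraphs above for a single incoming packet: a source-address binding wins, then the zone of the incoming interface, then the default zone, with lo treated as trusted. The bindings are a constructed table (the block and internal sources mirror the firewall-cmd examples that follow; the interface bindings and the packets are made up), the first matching source entry is taken, and firewalld itself is never called.

```shell
#!/bin/bash
# Added example, not part of the course notes. Models the zone selection
# described above for one incoming packet: a source binding wins, then the
# zone of the incoming interface, then the default zone (lo counts as trusted).
# The bindings are a constructed table; firewalld itself is never called.

# Constructed bindings: "zone network/prefix" and "zone interface".
ZONE_SOURCES='block    192.168.168.10/24
internal 10.10.100.18/16'
ZONE_INTERFACES='public   ens33
internal ens34'
DEFAULT_ZONE=public

# ip4_to_int A.B.C.D -> the address as an unsigned integer
ip4_to_int() {
    local a b c d
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_cidr ADDR NET/PREFIX -> exit 0 when ADDR falls inside the network. Host
# bits in NET (as in 192.168.168.10/24 above) are masked off, as firewalld does.
in_cidr() {
    local net=${2%/*} bits=${2#*/} mask
    mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip4_to_int "$1") & mask )) -eq $(( $(ip4_to_int "$net") & mask )) ]
}

# zone_for_packet SRC_ADDR IFACE -> the zone whose rules will be applied
zone_for_packet() {
    local src=$1 iface=$2 zone cidr dev
    # 1. is the source address bound to a zone? (first matching entry wins here)
    zone=$(printf '%s\n' "$ZONE_SOURCES" | while read -r zone cidr; do
        [ -n "$cidr" ] && in_cidr "$src" "$cidr" && { echo "$zone"; break; }
    done)
    [ -n "$zone" ] && { echo "$zone"; return; }
    # 2. is the incoming interface bound to a zone?
    zone=$(printf '%s\n' "$ZONE_INTERFACES" | while read -r zone dev; do
        [ "$dev" = "$iface" ] && { echo "$zone"; break; }
    done)
    [ -n "$zone" ] && { echo "$zone"; return; }
    # 3. loopback is treated as trusted; anything else gets the default zone
    [ "$iface" = lo ] && { echo trusted; return; }
    echo "$DEFAULT_ZONE"
}

# Stand-alone run: a few constructed packets and the zone each one lands in.
main() {
    local pkt
    for pkt in "192.168.168.77 ens33" "10.10.5.9 ens33" "8.8.8.8 ens34" "8.8.8.8 ens35" "127.0.0.1 lo"; do
        set -- $pkt
        printf '%-16s via %-6s -> %s\n' "$1" "$2" "$(zone_for_packet "$1" "$2")"
    done
}
main
```

The order of the three checks is the practical lesson: a source binding to block overrides whatever zone the interface sits in, so a packet from 192.168.168.77 arriving on ens33 is handled by block even though ens33 belongs to public, while a packet from an unbound address on an unbound interface falls through to the default zone.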

Pre-defined Zones

firewall-cmd
[csp@localhost Desktop]$ firewall-cmd --get-zones
block dmz drop external home internal public trusted work

[csp@localhost Desktop]$ firewall-cmd --get-default-zone


public
[csp@localhost Desktop]$ firewall-cmd --get-active-zones
public
interfaces: ens33
[root@localhost Desktop]# firewall-cmd --set-default-zone=internal
success
[root@localhost Desktop]# firewall-cmd --get-active-zones
internal
interfaces: ens33

--get-active-zones lists all zones currently in use (those that have an interface or source tied to them), along with their interface and source information.

[root@localhost Desktop]# firewall-cmd --add-source=192.168.168.10/24 --zone=block
success
[root@localhost Desktop]# firewall-cmd --get-active-zones
internal
interfaces: ens33
block
sources: 192.168.168.10/24
[root@localhost Desktop]# firewall-cmd --add-source=192.168.100.18/16
success

Many of the commands listed take the --zone=<ZONE> option to determine which zone they affect; if no --zone= option is provided, the default zone is used.

[root@localhost Desktop]# firewall-cmd --get-active-zones


internal
interfaces: ens33
sources: 192.168.100.18/16
block
sources: 192.168.168.10/24
[root@localhost Desktop]#
[root@localhost Desktop]# firewall-cmd --remove-
source=192.168.100.18/16
Success

firewall-cmd --add-interface=ens33 --zone=block
firewall-cmd --change-interface=ens33 --zone=block → Associate the interface with <ZONE> instead of its current zone.

firewall-cmd --list-all [--zone=<ZONE>] --> List all configured interfaces, sources, services, and ports for <ZONE>.
firewall-cmd --list-all-zones

firewall-cmd --add-port=<PORT/PROTOCOL> [--zone=<ZONE>]
firewall-cmd --remove-port=<PORT/PROTOCOL> [--zone=<ZONE>]

# firewall-cmd --get-services → List the pre-defined services.
Services are named sets of well-known network ports, the default ports for specific services, e.g. 22/tcp is the default port for the SSH service.
The configuration files that define the services included in the firewalld package can be found in the /usr/lib/firewalld/services directory.
You can directly edit the configuration files in /etc/firewalld/.
firewall-cmd --add-service=<SERVICE> [--zone=<ZONE>]
firewall-cmd --remove-service=<SERVICE> [--zone=<ZONE>]

firewall-cmd --reload → reloads the permanent configuration into the running firewall; run it after making --permanent changes so they take effect.

NB:
Almost all commands work on the runtime configuration (it is removed if the server reboots), unless the --permanent option is specified.
firewall-cmd --remove-service=<SERVICE> --permanent [--zone=<ZONE>]

firewall-config
# firewall-config → a graphical tool that can also be used to review the pre-defined services and to define additional services.
It is used to alter and inspect both the running, in-memory configuration of firewalld (not a permanent change) and the persistent, on-disk configuration that will be used after a restart/reload of firewalld.

Labs
One
1- cat the file /etc/passwd and notice the different fields.
2- What is the difference between the cat and more commands?
CAT: Reads a file completely at a time.
MORE: Reads a file page by page.
3- What is the difference between rm and rmdir (use man)?
RM: Completely deletes the file (like SHIFT + Delete).
RMDIR: Deletes the directory, but only if it is empty.
rm -r "a directory" >>> deletes the directory whether it has files or not.

4- Create the following hierarchy:

a. Remove dir11 in one step. What do you notice? And how do you overcome that?
>> The command "rmdir dir11" is not accepted because the directory is not empty.
>> Using this command, the problem is solved: "rm -r dir11"
b. Then remove dir12 using the rmdir -p command. State what happened to the hierarchy (Note: you are in your home dir).
>> 'dir12' was deleted, and 'dir1' was deleted too.
5- Copy the passwd file to your home directory, naming it mypasswd.
>> cp /etc/passwd /home/mina/mypasswd
6- Rename this new file to oldpasswd.
>> mv mypasswd oldpasswd
7- The output of the command pwd was /home/mina/dir1/dir11. Write the absolute and relative path for the file mycv.
>> RELATIVE >> cd ../../mydocs/mycv
>> ABSOLUTE >> /home/mina/mydocs/mycv
8- Display the first 4 lines of /etc/passwd

head -n 4 /etc/passwd
9- Display the last 7 lines of /etc/passwd
tail -n 7 /etc/passwd
10- Using vi write your CV in the file mycv. Your CV should include your name, age,
school, college, experience…
11- Open mycv file using vi command then: ( state how to)
vi mycv
a. search for word age
/age
b. Go to the first line in the file
gg (or 1G)
c. Step to line 5 (assuming that you are in line 1 and file is more than 5 lines).
:5
d. Delete the line you are on.
dd
e. How to step to the end of line and change to writing mode in one step.
A
Two
1. Set up the VM with the following networking:
*serverX.example.com is provided with ip=172.25.X.11/255.255.255.0
*serverX.example.com is provided with the gateway 172.25.254.254 and the example.com DNS domain with the IP 172.25.254.254

# nmcli connection add con-name eth0 ifname eth0 type ethernet ip4
172.25.9.11/24 gw4 172.25.254.254
# nmcli connection modify eth0 ipv4.dns 172.25.254.254
# nmcli connection modify eth0 ipv4.method manual
# nmcli connection modify eth0 connection.autoconnect true
# nmcli connection down eth0
# nmcli connection up eth0

2. Set hostname to server9.example.com
# hostnamectl set-hostname server9.example.com

3. Create the following users, groups, and group memberships:
–> A group named sysgrp
–> A user andrew who belongs to sysgrp as a secondary group
–> A user susan who also belongs to sysgrp as a secondary group
–> A user sarah who does not have access to an interactive shell on the system and who is not a member of sysgrp
–> susan, sarah and andrew password = Postroll

# groupadd sysgrp
# useradd -G sysgrp andrew
# useradd -G sysgrp susan
# useradd -s /sbin/nologin sarah
# passwd susan
# passwd sarah
# passwd andrew

4. Create a collaborative directory /redhat/sysgrp with the following characteristics:
–> Group ownership of /redhat/sysgrp is sysgrp
–> The directory should be readable, writable, and accessible to members of sysgrp, but not to any other user. (It is understood that root has access to all files and directories on the system.)
–> Files created in /redhat/sysgrp automatically have group ownership set to the sysgrp group

# mkdir -p /redhat/sysgrp
# chgrp sysgrp /redhat/sysgrp
# chmod 2770 /redhat/sysgrp

5. Configure your system so that it is an NTP client of classroom.example.com

# yum install chrony
# vim /etc/chrony.conf
server classroom.example.com iburst
# systemctl restart chronyd
# chronyc sources -v --> to check the NTP servers

6. Add the user talusan with userid 2985
# useradd -u 2985 talusan

7. Create an archive file /root/local.tgz for /usr/local. It should be compressed by gzip.
# tar -cvzf /root/local.tgz /usr/local

8. Copy the file /etc/fstab to /var/tmp and configure the permissions of /var/tmp/fstab so that:
the file /var/tmp/fstab is owned by the root user, belongs to the group root and is not executable by anyone;
the user andrew is able to read and write /var/tmp/fstab;
the user susan can neither write nor read /var/tmp/fstab;
all other users (current or future) have the ability to read /var/tmp/fstab.

# cp /etc/fstab /var/tmp/
# chown root:root /var/tmp/fstab
# setfacl -m u:andrew:rw- /var/tmp/fstab
# setfacl -m u:susan:--- /var/tmp/fstab
