Sanjeev Agrawal Global Educational

University, Bhopal

Lab File

Of

Linux Administration

Course Code: CA21B502P

Prepared by:

Rajul Mewade

Enrolment No.- 22BCA3CCM10030

School Of Computer Applications

Session: Autumn 2024-25

S Title Scheduled Actual Remarks
No. Date Date

1 To configure the following tasks and

verify them using grep, cut, tr, and sed
commands. Additionally, create an
alias named eth0:0 using specified
credentials in RHEL 5.

2 To configure the password policy for

the user john with specific arguments
in RHEL.

3 To add user accounts and groups,

assign users to groups, and verify their
group memberships in RHEL.

4 To configure ACLs (Access Control

Lists) for user and group permissions
on a Linux system.

5 You are tasked with finding all SUID &

SGID files under the / directories.

6 Explain the suid, sgid& sticky bit

permission with example

7 To manage packages using the rpm

command by verifying the installation
of the ftp package, installing it if
necessary, displaying its configuration
files, and ensuring the ftp service is
enabled at startup.

8 To use rpm queries for gathering

specific information about installed
packages, including listing files in a
package, finding installed packages by
 name, and identifying the package that
provides a specific file.

9 . Prepare a cron job that take the backup

of /home at 5:00pm on every Saturday.
Change your system date to 1:00pm
March 1990. Copy /etc/fstab file to
/tmp directory as newfstab file. The
user owner is Jack and group owner is
admin. Give full permission to user
owner and read, write permission to
group owner. No permission to others.

10 To configure a Linux system with the

following specifications:Set SELinux
to enforcing mode.Enable the firewall
and block SSH access through
it.Configure an FTP server such
that:Anonymous users can upload and
download data.Users John and Carel
are denied access. The FTP server is
accessible only within the private
network.
 Experiment - 1
Aim
To configure the following tasks and verify them using grep, cut, tr, and sed commands.
Additionally, create an alias named eth0:0 using specified credentials in RHEL 5.

Prerequisites
• Basic understanding of Linux commands like grep, cut, tr, and sed.
• Access to RHEL 5 or similar Linux environment.
• Root privileges to create aliases.

Tools Required
• Linux terminal
• Commands: grep, cut, tr, sed, ifconfig

Steps
Task 1: List the lines containing "/sbin/nologin" from the /etc/passwd file
1. Open your terminal.
2. Run the following command to search for lines that contain /sbin/nologin in the
/etc/passwd file:
grep "/sbin/nologin" /etc/passwd

3. This command will output the lines from /etc/passwd where the user accounts are
configured with /sbin/nologin as their shell.
Task 2: List only lines of output from ps that contain the string "init"
1. In the terminal, run the following command to display running processes that contain
the string init:
ps -ef | grep "init"
 2. This will filter the output of the ps command and display only those processes that
match the keyword init.

Task 3: Display the list of GIDs from the /etc/passwd file

1. To extract and display the Group IDs (GIDs) from the /etc/passwd file, use the cut
command as follows:
cut -d':' -f4 /etc/passwd
2. This will output the GID (4th field) of each user listed in the /etc/passwd file.

Task 4: Alter all letters from range "a-f" to "A-F" in /etc/passwd

1. Use the tr (translate) command to change all lowercase letters between a-f to
uppercase A-F:
tr '[a-f]' '[A-F]' < /etc/passwd
2. This command will display the content of /etc/passwd with the specified letter
transformations.
Task 5: Create an alias named eth0:0 in RHEL 5 with specified credentials
1. Configure IP alias using the ip addr command:

2. Add default gateway to the network configuration:

3. Configure DNS by adding the following nameserver to /etc/resolv.conf:

4. Verify the network alias configuration by running:

Outcome
You will be able to filter and manipulate output using grep, cut, tr, and sed commands. You
will also have successfully created and verified an alias on your system.

Conclusion
The tasks were successfully completed using basic Linux commands, and the alias
configuration was verified.
 Experiment - 2
Aim
To configure the password policy for the user john with specific arguments in RHEL.

Prerequisites
1. Ensure you have root access or sudo privileges.
2. The john user should already exist on the system.

Tools Required
• Command-line interface (Terminal)

• chage command to manage password expiry.

Steps
Step 1: Open the terminal.
Step 2: Create the user john using the useradd command:
Step 3: Set a password for the user john:
You will be prompted to enter a new password. Type the password and press Enter.
You will need to confirm it by typing it again.

Step 4: Configure the password policy for the user john using the chage command:
sudo chage -m 4 john # Set minimum password age to 4 days
sudo chage -M 15 john # Set maximum password age to 15 days
sudo chage -I 2 john # Set inactive days to 2 days
sudo chage -E $(date -d "+6 months" +%Y-%m-%d) john # Set account expiration to
6 months from today

Step 5: Verify the password policy applied to the user john by running:
 Step 6: Check the output of the command to ensure the settings are as intended.

Outcome
After completing the steps, the password policy for the user john should be configured with
the specified parameters. The policy ensures:
• Minimum password age is set to 4 days, preventing the user from changing the
password too frequently.
• Maximum password age is set to 15 days, requiring the user to update their password
periodically.
• Inactive days are set to 2 days, after which the account will be considered inactive if
the password isn't changed.
• The account will expire in 6 months, after which the user will no longer be able to log in.

Conclusion
Configuring password policies is crucial for maintaining system security and user
accountability. By setting specific parameters for the user john, we have enhanced the overall
security posture of the system. This Experiment not only demonstrates the use of the chage
command but also emphasizes the importance of managing user credentials effectively to
safeguard sensitive information.
 Experiment - 3
Aim
To add user accounts and groups, assign users to groups, and verify their group memberships
in RHEL.

Prerequisites
Ensure you have root access or sudo privileges.

Tools Required
• Command-line interface (Terminal)

• useradd command to create users.

• groupadd command to create groups.

• passwd command to set user passwords.

• id command to verify group membership.

Steps
Step 1: Open the terminal.
Step 2: Create the user accounts with the specified usernames:

Step 3: Set a password for each user (123@iMs): For each user,

Step 4: Create the groups with the specified GIDs:

 Step 5: Add users to their respective groups:

Step 6: Verify that each user is in the appropriate groups using the id command:

Step 7: Review the output of each id command to ensure users are assigned to the
correct groups.

Outcome
After completing the steps, the following results should be achieved:
• Seven user accounts (joshua, alex, dax, bryan, zak, ed, and manager) have been
created.
• Three groups (sales, HR, and web) have been established with the specified GIDs.
• Users have been assigned to their respective groups as intended, and this has been
verified.

Conclusion
This Experiment demonstrates the process of managing user accounts and groups
within a Linux environment. By creating users, assigning them to specific groups, and
verifying these assignments, system administrators can effectively manage user
permissions and access control. This practice is essential for maintaining a secure and
organized system.
 Experiment - 4
Aim
To configure ACLs (Access Control Lists) for user and group permissions on a Linux system.

Prerequisites
• Basic understanding of Linux file permissions and user/group management.
• Familiarity with using the terminal.
• Ensure that ACL support is enabled on your filesystem (most modern Linux
distributions have this enabled by default).

Tools Required
• A Linux distribution (Ubuntu, RHEL, etc.).
• Terminal access with root or sudo privileges.

Steps
1. Create Groups

• Create the Admin and Web groups:

2. Create Users

• Create the users John and Jimmy:

3. Create a New Directory

• Create the directory /depts/tech/:

4. Change Directory Ownership

• Change the owner to root and group to Admin:

5. Set Default Permissions

• Set the default permissions so that the Admin group has access:
 6. Set ACL for the Web Group

• Give full permissions (read, write, execute) to the Web group:

7. Allow Specific Permissions for Users

• Allow John read and execute permissions but not write permission:

• Allow Jimmy full permissions on the /depts/tech/ directory:

8. Verify ACL Settings

• Check the ACL settings to verify the permissions:

Outcome
After completing the steps above, you will have successfully created two groups (Admin and
Web), added users (John and Jimmy), configured a directory (/depts/tech/) with appropriate
ownership and permissions, and set specific ACLs to manage access for users and groups.

Conclusion
This Experiment demonstrates how to use Access Control Lists (ACLs) in Linux to provide
fine-grained control over permissions. By setting ACLs, you can allow or restrict access to
files and directories for specific users and groups, enhancing the security and management of
resources in a multi-user environment.
 Experiment - 5
Aim
You are tasked with finding all SUID & SGID files under the / directories.

Prerequisites
⚫ Basic understanding of Linux file system and permissions (SUID and SGID).
⚫ Familiarity with run levels and systemd in Linux.
⚫ Knowledge of commands like find, ps, sort, and X server configuration.
⚫ Access to a Linux machine with root privileges.

Tools Required
⚫ A Linux-based system.
⚫ Terminal or shell access.
⚫ find, ps, sort, and X server utilities installed.
⚫ Text editor (e.g., vi, nano) to edit configuration files.

Steps
Part 1: Find SUID and SGID files
1. Open the terminal.
2. Use the find command to search for all SUID and SGID files under the / directory:
find / -perm /6000 -type f -exec ls -l {} \; 2>/dev/null
⚫ -perm /6000: Searches for files with SUID or SGID bit set.
⚫ -type f: Limits the search to regular files.
⚫ -exec ls -l: Displays detailed information about the files.
⚫ 2>/dev/null: Suppresses error messages from directories where the user lacks
permission.

Part 2: Configure the system to boot into run level 3 by default

1. Edit the default target for systemd to switch to run level 3 (multi-user target).
systemctl set-default multi-user.target

2. Reboot the system to apply the changes: reboot

Run X server in run level 3
1. Start the X server manually after booting into run level 3: startx
Part 3: Devise the ps command
1. Use the following ps command to list all processes and sort them by CPU usage:
ps -eo %cpu,pid,comm --sort=-%cpu
⚫ -e: Lists all processes.
⚫ -o %cpu,pid,comm: Customizes the output to include CPU usage, process ID, and
command.
⚫ --sort=-%cpu: Sorts the output by CPU usage in descending order.

Outcome
⚫ Successfully identified all SUID and SGID files under the / directory.
⚫ Configured the system to boot into run level 3 by default and launched the X server
manually.
⚫ Generated and sorted a process list displaying CPU usage, process ID, and command,
sorted by CPU utilization.

Conclusion
This Experiment demonstrates the use of Linux commands to manage system configurations,
analyze file permissions (SUID/SGID), and monitor system processes effectively. The ability
to configure the run level and start the X server ensures flexibility in server or non-GUI
environments. Using ps helps in performance monitoring and identifying resource-intensive
processes.
 Experiment - 6
Aim
Explain the suid, sgid& sticky bit permission with example

Prerequisites
1. Basic understanding of Linux file permissions and command-line operations.
2. Familiarity with Bash shell and environment variables like PS1.
3. Access to a Linux system with terminal access (preferably with root privileges).
4. Understanding of file permission bits and Bash prompt customization.

Tools Required
1) A Linux-based system with Bash shell.
2) Terminal or shell access.
3) chmod command to modify file permissions.
4) Text editor to modify configuration files (optional).

Steps
Part 1: Explanation of SUID, SGID, and Sticky Bit with Examples
SUID (Set User ID):
⚫ The SUID permission is set on an executable file and causes the file to be executed with
the permissions of the file’s owner, not the user who runs it.
⚫ Example: To set the SUID permission on a file: chmod u+s /path/to/file
⚫ Example of a SUID file: /usr/bin/passwd
⚫ When executed, passwd runs with root privileges even if a non-root user executes it.
SGID (Set Group ID):
⚫ When SGID is set on a file, the process runs with the group permissions of the file’s group,
not the user's group.
⚫ When SGID is set on a directory, files created in that directory inherit the group of the
directory instead of the user's primary group.
⚫ Example: To set the SGID permission on a file: chmod g+s /path/to/file
⚫ Example of SGID on a directory:
In the directory /shared, any new files created inside inherit the group of the directory.
Sticky Bit:
⚫ The sticky bit, when set on a directory, ensures that only the file's owner, the directory's
owner, or root can delete or rename files in that directory.
⚫ Example: To set the sticky bit on a directory: chmod +t /path/to/directory
⚫ Example of a directory with the sticky bit set:
/tmp directory, where users can create files but can only delete their own files, not others.
Part 2: Customizing the Bash Prompt (PS1)
1. Display the current value of the primary prompt string (PS1):
⚫ To display the current value of the prompt string (PS1), use the following command:
echo $PS1

2. Change the prompt to print a static string "ITIMS -":

⚫ To change the prompt string to print a static string followed by the current working
directory and the user prompt, use:
export PS1="ITIMS -\w\$ "

⚫ \w displays the current working directory, and \$ shows a $ for normal users or # for
root.
3. Restore the original prompt:
⚫ To restore the default prompt string (typically showing the user and hostname), use:
export PS1="\u@\h \w\$ "

⚫ \u shows the username, \h shows the hostname, and \w shows the current working
directory.
4. Insert the Bash history prompt special character ! between the hostname and dollar sign:
⚫ To customize the prompt to display the history expansion character ! between the
hostname and dollar sign, modify the prompt as follows:
export PS1="\u@\h! \w\$ "

⚫ ! will show the history expansion character after the hostname.

Conclusion
This Experiment helps in understanding advanced file permissions, including SUID, SGID,
and Sticky Bit, along with their Experiment implications and usage. Additionally, it
demonstrates how to customize the Bash prompt to display specific information like the static
string, hostname, current directory, and history expansion. Customizing the prompt is a useful
skill for enhancing the user experience in the terminal.

Outcome
A clear understanding of SUID, SGID, and Sticky Bit permissions and their usage in Linux.
The ability to find and apply SUID, SGID, and Sticky Bit permissions on files and directories.
Customization of the Bash prompt using the PS1 variable to display specific information such
as static strings, the current directory, hostname, and history expansion character.
Restoration of the original prompt configuration after customization.
 Experiment - 7
Aim
To manage packages using the rpm command by verifying the installation of the ftp package,
installing it if necessary, displaying its configuration files, and ensuring the ftp service is
enabled at startup.

Prerequisites
1. Access to a Linux system with root or superuser privileges.
2. The rpm package manager must be installed and functional on the system.
3. Internet connectivity for downloading the package (if not already installed).

Tools Required
1) rpm: Red Hat Package Manager for package installation, querying, and verification.
2) systemctl: For managing services, including enabling services at startup.

Steps
1. Check if the ftp package is installed
Use the following command
rpm -q ftp

If the package is installed, this command will display the version of the package. If not
installed, it will indicate "package ftp is not installed."
2. Install the ftp package if not installed
Run the following command to install the package:
sudo yum install ftp -y

3. Verify the installation of the ftp package

After installation, verify it using:
rpm -q ftp

4. Display the configuration files of the ftp package

Use the rpm query option to list configuration files:
rpm -qc ftp
5. Enable the ftp service at startup
⚫ Start the service (if applicable):
sudo systemctl start vsftpd

⚫ Enable the service to start at boot:

sudo systemctl enable vsftpd

⚫ Verify the service status:

sudo systemctl status vsftpd

Conclusion
Using the rpm command, we verified the installation of the ftp package, installed it if missing,
displayed its configuration files, and ensured the associated service is enabled at startup. This
process demonstrates basic package management and service configuration in Linux.

Outcome
1. The ftp package is installed and verified on the system.
2. The configuration files for the ftp package are identified and listed.
3. The ftp service is enabled to start at boot, ensuring availability after system reboots.
 Experiment - 8
Aim
To use rpm queries for gathering specific information about installed packages, including
listing files in a package, finding installed packages by name, and identifying the package that
provides a specific file.

Prerequisites
1) Access to a Linux system with rpm installed and functional.
2) Root or superuser privileges to execute commands if necessary.

Tools Required
⚫ rpm: Red Hat Package Manager for querying package information.

Steps
1. List all files in the initscripts package
Use the following rpm query to display the files included in the initscripts package:
rpm -ql initscripts

This command will list all files provided by the initscripts package, including executables,
configuration files, and documentation.
2. Find installed packages containing "gnome" in their names
Run the following command to search for installed packages with "gnome" in their names:
rpm -qa | grep gnome

This will display a list of installed packages whose names contain "gnome."
3. Identify the RPM package that provides /etc/inittab
Use the following command to find which package provides the /etc/inittab file:
rpm -qf /etc/inittab

This command will output the name of the package that owns the specified file.

Conclusion
Using rpm queries, we explored detailed information about installed packages, including listing
files within a package, searching for packages by keyword, and identifying the package
responsible for a specific file. These commands are useful for managing and troubleshooting
system packages effectively.

Outcome
By the end of this Experiment:
⚫ All files included in the initscripts package are identified and listed.
⚫ A list of all installed packages containing "gnome" in their names is generated.
⚫ The RPM package providing /etc/inittab is determined successfully.
 Experiment - 9
Aim
Prepare a cron job that take the backup of /home at 5:00pm on every Saturday. Change your
system date to 1:00pm March 1990. Copy /etc/fstab file to /tmp directory as newfstab file. The
user owner is Jack and group owner is admin.

Prerequisites
1. Linux system with superuser privileges.
2. The cron service must be installed and running.
3. Access to chown, chmod, and date/time commands.
4. The Jack user and admin group must exist on the system

Tools Required
⚫ crontab: For scheduling tasks.
⚫ date: To change system date and time.
⚫ cp: To copy files.
⚫ chown: To modify ownership of files.
⚫ chmod: To change file permissions.

Steps
1. Schedule a cron job for /home backup
⚫ Open the crontab editor:
crontab -e

⚫ Add the following line to schedule the backup at 5:00 PM every Saturday:
0 17 * * 6 tar -czf /backup/home_backup_$(date +\%F).tar.gz /home

Here, the tar command creates a compressed backup in /backup with the current date in its
filename.
⚫ Save and exit the crontab editor.
2. Change the system date to 1:00 PM, March 1990
 ⚫ Use the date command as follows:
sudo date -s "1990-03-01 13:00:00"

⚫ Verify the change using:

Date

3. Copy /etc/fstab to /tmp as newfstab

⚫ Copy the file:
cp /etc/fstab /tmp/newfstab

⚫ Change ownership to user Jack and group admin:

sudo chown Jack:admin /tmp/newfstab

⚫ Set permissions:
sudo chmod 764 /tmp/newfstab

⚫ 7 (full permission) for the user Jack.

⚫ 6 (read and write) for the group admin.
⚫ 0 (no permission) for others.

Conclusion
Through this Experiment, we learned how to:
1. Schedule and manage automated tasks using cron.
2. Modify the system date and time.
3. Copy files, change their ownership, and set precise permissions.

Outcome
1) A cron job is configured to back up the /home directory at 5:00 PM every Saturday.
2) The system date is successfully changed to 1:00 PM, March 1990.
3) The /etc/fstab file is copied to /tmp as newfstab, with ownership assigned to Jack and
admin, and permissions set as required.
 Experiment - 10

Aim

To configure a Linux system with the following specifications:Set SELinux to enforcing

mode.Enable the firewall and block SSH access through it.Configure an FTP server such
that:Anonymous users can upload and download data.Users John and Carel are denied access.
The FTP server is accessible only within the private network.

Prerequisites

1. A Linux system with root or superuser privileges.

2. SELinux enabled and installed (setenforce command).
3. firewalld service installed and running.
4. An FTP server, such as vsftpd, installed.
5. The users John and Carel must exist in the system.
6. Private network configuration details (e.g., 192.168.x.x).

Tools Required
• SELinux utilities: For managing SELinux.
⚫ firewalld: For configuring the firewall.
⚫ vsftpd: An FTP server for secure file transfer.

Steps
1. Configure SELinux to Enforcing Mode
⚫ Check the current SELinux status:
Sestatus

⚫ Set SELinux to enforcing mode:

sudo setenforce 1

⚫ Permanently configure SELinux to enforcing mode:

Edit the /etc/selinux/config file:
sudo nano /etc/selinux/config
 ⚫ Set:
SELINUX=enforcing

⚫ Save and exit the file, then reboot the system to apply changes.
2. Enable Firewall and Block SSH Access
⚫ Start and enable the firewall:
sudo systemctl start firewalld

sudo systemctl enable firewalld

⚫ Block SSH (port 22) through the firewall:

sudo firewall-cmd --permanent --remove-service=ssh

⚫ Reload the firewall to apply changes:

sudo firewall-cmd --reload

3. Configure the FTP Server

Install vsftpd
⚫ Install the FTP server if not already installed:
sudo yum install vsftpd -y

Allow Anonymous Upload and Download

⚫ Open the FTP server configuration file:
sudo nano /etc/vsftpd/vsftpd.conf

⚫ Set the following parameters:

anonymous_enable=YES
anon_upload_enable=YES
 anon_mkdir_write_enable=YES
write_enable=YES

⚫ Save and exit the file.

Deny Access to Users John and Carel
⚫ Add the following lines to the configuration file:
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=YES

⚫ Create or edit the /etc/vsftpd/user_list file and add:

John
Carel
Restrict Access to Private Network
⚫ Add the following rule to allow only the private network (e.g., 192.168.0.0/16):
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4"
source address="192.168.0.0/16" service name="ftp" accept'

⚫ Block FTP access for all other networks:

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4"
service name="ftp" reject'

⚫ Reload the firewall:

sudo firewall-cmd --reload

Start and Enable the FTP Server

 ⚫ Start the vsftpd service:
sudo systemctl start vsftpd

⚫ Enable the service to start at boot:

sudo systemctl enable vsftpd

Conclusion
This Experiment demonstrated:
1. Configuring SELinux in enforcing mode to enhance security.
2. Enabling a firewall while restricting SSH access.
3. Setting up an FTP server with anonymous upload/download capabilities, denying specific
users, and limiting access to a private network.

Outcome
1) SELinux is in enforcing mode.
2) The firewall is active and blocks SSH access.
3) The FTP server is:
⚫ Configured for anonymous uploads/downloads.
⚫ Denying access to users John and Carel.
⚫ Accessible only within the private network.