Linux Sphere: 2013

20 September, 2013

Rescue Mode in Linux

Rescue mode allows you to boot a small Linux environment entirely from a diskette, CD- ROM, or use another method.

However, there may be times when you cannot get Linux running completely enough to access files on the hard drive of your system. Rescue mode, you can access files stored on the hard drive of your machine's files, even if you cannot run Linux from that hard drive.

In general, you have to go into rescue mode for one of two reasons:

You are unable to boot Linux.

You encounter hardware or software problems, and want to recover some important files off the hard drive of your system.

Linux Rescue and Single User Troubleshooting

# if you find kernel panic error due to an incorrect configuration, follow the steps below.

If any configuration error occurs on the grub.conf file then boot in single user mode.

How to start a single user mode

Press "E" for editing in the first GRUB screen after POST.

Changes to the boot line

Put "single" in spite of "RO"

Press "B" to boot the system that will move you in the Root shell, update the configuration file with the appropriate options and reboot the machine or start another init.

If the error in /etc/fstab error will be

Type Control+d to continue...

To resolve this error using the linux rescue boot CD first

After booting and initiating rescue command we need to mount hdd in any test directory.

# chroot /mnt/sysimage

Knowing the label mount

#e2lable /dev/hda2 (of hda of root partition. Let say it is 2.

#mkdir test

#mount /dev/hda2 test

then edit the file which ever you require in default state.

# vi test/etc/fstab

# vi test/etc/passwd Extra first put directory name before path.

How to know in which run level you are:

#run level

#tty (To find out in which terminal you are)

14 September, 2013

Password Breaking and Grub Password

In this tutorial we'll talk about password breaking and grub password. Sometimes you do not remember the root password. On Linux, recovering root password can be done by booting Linux in a specific mode: single user mode.

This tutorial will show you how to boot Linux in single-user mode when using GRUB and finally how to change the root password.

In normal use, a Linux OS runs under runlevels between 2 and 5 corresponding to various multi-user modes. Booting Linux under runlevel 1 will allow one to enter a single-user mode, the mode of a specific user. At some level, you get a root prompt directly. From there, change the root password is a piece of cake.

Entering runlevel 1

Some Linux distributions, such as Ubuntu, for example, offers a specific entry in the start menu where it says “Recovery Mode“ or "single user mode". If this is the case, this menu, you can start the machine in single-user mode, you can continue with the next section. If you can read this part.

With GRUB, you can manually change the input of the proposed startup menu at boot time. To do this, when the GRUB menu list (you may have to press the ESC key first), follow these instructions:

   * use the arrows keys to select the boot entry you want to edit.
   * press e to edit the entry
   * use the arrows to go to the kernel line
   * press e to edit this entry
   * the end of the line to add a word    single
   * press Esc to return to the main menu
   * press b to boot the kernel

Start the kernel must as always (except for the graphical display can be used), and finally get a root system (sh #).

Here we have access to the root file system, we finally change the password.

Change the root password

As root, while change the password does not require the old password, then run the command:

[root@linuxguide ]# passwd

you are prompted to enter your new password and ask you to confirm to ensure there are no typo.

Well, now you can reboot your box and gain root access again.

There is another way to break the GRUB boot password, follow these steps:

Step-1 Boot the system using the first CD of Linux. At the prompt, type: linux rescue to enter rescue mode. In rescue mode you will be asked whether to respect the similar measures to be followed in the installation. Once appeared the # prompt, type the following command:

[root@linuxguide ]# chroot /mnt/sysimage

Step-2 Edit the grub.conf file and remove the line in the passwd file. Save the file and exit.

Step-3 Once your machine restarts, you will be able to start your Linux operating system with standard.

09 September, 2013

Software Installation with RPM & YUM

Installation with RPM:

RPM stands for Red Hat Package Manager. Red Hat introduced RPM in 1995. RPM is now the package management system used for packaging in the Linux Standard Base (LSB). The rpm command options are grouped into three subgroups for:

    Querying and verifying packages
    Installing, upgrading, and removing packages
    Performing miscellaneous functions

RPM command is used for installing, uninstalling, upgrading, querying, listing, and checking RPM packages on your Linux system. With root privilege, you can use the rpm command with appropriate options to manage the RPM software packages.

Installing a RPM package Using rpm -ivh

RPM filename has packagename, version, release and architecture name.

For example, In the MySQL-client-3.23.57-1.i386.rpm file:

    MySQL-client – Package Name
    3.23.57 – Version
    1 – Release
    i386 – Architecture

When you install a RPM, it checks whether your system is suitable for the software the RPM package contains, figures out where to install the files located inside the rpm package, installs them on your system, and adds that piece of software into its database of installed RPM packages.

The following rpm command installs Mysql client package.

[root@linuxguide ]# rpm -ivh MySQL-client-3.23.57-1.i386.rpm
    Preparing...                ########################################### [100%]
   1:MySQL-client           ########################################### [100%]

rpm command and options

    -i : install a package
    -v : verbose
    -h : print hash marks as the package archive is unpacked.

Query a Particular RPM Package using rpm -q

The above example lists all currently installed package. After installation of a package to check the installation, you can query a particular package and verify as shown below.

[root@linuxguide ]# rpm -q MySQL-client
MySQL-client-3.23.57-1

[root@linuxguide ]# rpm -q MySQL
package MySQL is not installed

Note: To query a package, you should specify the exact package name. If the package name is incorrect, then rpm command will report that the package is not installed.

Upgrading a RPM Package using rpm -Uvh

Upgrading a package is similar to installing one, but RPM automatically un-installs existing versions of the package before installing the new one. If an old version of the package is not found, the upgrade option will still install it.

[root@linuxguide ]# rpm -Uvh MySQL-client-3.23.57-1.i386.rpm
Preparing... ########################################### [100%]
1:MySQL-client ###########################################

Uninstalling a RPM Package using rpm -e

To remove an installed rpm package using -e as shown below. After uninstallation, you can query using rpm -qa and verify the uninstallation.

[root@linuxguide ]# rpm -ev MySQL-client

Information about Installed RPM Package using rpm -qi

rpm command provides a lot of information about an installed pacakge using rpm -qi

If you have an RPM file that you would like to install, but want to know more information about it before installing, you can do the following:

[root@linuxguide ]# rpm -qip MySQL-client-3.23.57-1.i386.rpm

Name        : MySQL-client                 Relocations: (not relocatable)
Version     : 3.23.57                           Vendor: MySQL AB
Release     : 1                               Build Date: Mon 09 Jun 2003 11:08:28 PM CEST
Install Date: (not installed)                Build Host: build.mysql.com
Group       : Applications/Databases        Source RPM: MySQL-3.23.57-1.src.rpm
Size        : 5305109                          License: GPL / LGPL
Signature   : (none)
Packager    : Lenz Grimmer
URL         : http://www.mysql.com/
Summary     : MySQL - Client
Description : This package contains the standard MySQL clients.

    -i : view information about an rpm
    -p : specify a package name

Installation with YUM:

The yum command requires a repository as the source of the packages. If you are connected to the internet, you may choose to use the repository provided by your Linux distribution.

Installing, removing, and updating packages is a typical activity on Linux. Most of the Linux distributions provides some kind of package manager utility. For example, apt-get, dpkg, rpm, yum, etc.

yum is the default package manager on some Linux distributions.

Install a package using yum install

To install a package, do ‘yum install packagename’. This will also identify the dependencies automatically and install them.

The following example installs postgresql package.

[root@linuxguide ]# yum install postgresql.x86_64
Resolving Dependencies
Install       2 Package(s)
Is this ok [y/N]: y

Package(s) data still to download: 3.0 M
(1/2): postgresql-9.0.4-5.fc15.x86_64.rpm          | 2.8 MB     00:11
(2/2): postgresql-libs-9.0.4-5.fc15.x86_64.rpm    | 203 kB     00:00
------------------------------------------------------------------
Total                                        241 kB/s | 3.0 MB     00:12

Running Transaction
Installing : postgresql-libs-9.0.4-5.fc15.x86_64             1/2
Installing : postgresql-9.0.4-5.fc15.x86_64                   2/2

Complete!

By default ‘yum install’, will prompt you to accept or decline before installing the packages. If you want yum to install automatically without prompting, use -y option as shown below.

[root@linuxguide ]# yum -y install postgresql.x86_64

Uninstall a package using yum remove

To remove a package (along with all its dependencies), use ‘yum remove package’ as shown below.

[root@linuxguide ]# yum remove postgresql.x86_64
Resolving Dependencies
---> Package postgresql.x86_64 0:9.0.4-5.fc15 will be erased

Is this ok [y/N]: y

Running Transaction
Erasing : postgresql-9.0.4-5.fc15.x86_64 1/1

Removed:
postgresql.x86_64 0:9.0.4-5.fc15

Complete!

Upgrade an existing package using yum update

If you have a older version of a package, use ‘yum update package’ to upgrade it to the latest current version. This will also identify and install all required dependencies.

[root@linuxguide ]# yum update postgresql.x86_64

Install a specific software group using yum groupinstall

To install specific software group, use groupinstall option as shown below. In the following example, ‘DNS Name Server’ group contains bind and bind-chroot.

[root@linuxguide ]# yum groupinstall 'DNS Name Server'

Dependencies Resolved
Install       2 Package(s)
Is this ok [y/N]: y

Package(s) data still to download: 3.6 M
(1/2): bind-9.8.0-9.P4.fc15.x86_64.rpm             | 3.6 MB     00:15
(2/2): bind-chroot-9.8.0-9.P4.fc15.x86_64.rpm   | 69 kB     00:00
-----------------------------------------------------------------
Total               235 kB/s | 3.6 MB     00:15

Installed:
bind-chroot.x86_64 32:9.8.0-9.P4.fc15

Dependency Installed:
bind.x86_64 32:9.8.0-9.P4.fc15

Complete!

Upgrade an existing software group using groupupdate

If you’ve already installed a software group using yum groupinstall, and would like to upgrade it to the latest version, use ‘yum groupupdate’ as shown below.

[root@linuxguide ]# yum groupupdate 'Graphical Internet'

Dependencies Resolved
Upgrade       5 Package(s)
Is this ok [y/N]: y

Running Transaction
Updating   : evolution-data-server-3.0.2-1.fc15.x86_64     1/10
Updating   : evolution-3.0.2-3.fc15.x86_64                 2/10
Updating   : evolution-NetworkManager-3.0.2-3.fc15.x86_64 3/10
Updating   : evolution-help-3.0.2-3.fc15.noarch            4/10
Updating   : empathy-3.0.2-3.fc15.x86_64                   5/10
Cleanup    : evolution-NetworkManager-3.0.1-1.fc15.x86_64 6/10
Cleanup    : evolution-help-3.0.1-1.fc15.noarch            7/10
Cleanup    : evolution-3.0.1-1.fc15.x86_64                 8/10
Cleanup    : empathy-3.0.1-3.fc15.x86_64                   9/10
Cleanup    : evolution-data-server-3.0.1-1.fc15.x86_64     10/10

Complete!

Uninstall a software group using yum groupremove

To delete an existing software group use ‘yum groupremove’ as shown below.

[root@linuxguide ]# yum groupremove 'DNS Name Server'
Dependencies Resolved
Remove        2 Package(s)
Is this ok [y/N]: y

Running Transaction
Erasing    : 32:bind-chroot-9.8.0-9.P4.fc15.x86_64 1/2
Erasing    : 32:bind-9.8.0-9.P4.fc15.x86_64            2/2

Complete!

Install from a disabled repositories using yum --enablerepo

By default yum installs only from the enabled repositories. For some reason if you like to install a package from a disabled repositories, use --enablerepo option in the ‘yum install’ as shown below.

[root@linuxguide ]# yum --enablerepo=fedora-source install vim-X11.x86_64
Dependencies Resolved
Install 1 Package(s)
Is this ok [y/N]: y

Running Transaction
Installing : 2:vim-X11-7.3.138-1.fc15.x86_64 1/1

Complete!

After that, you will be able to install softwares using rpm and yum.

08 September, 2013

Linux Sticky Bit

Introduction:

Sticky Bit is mainly used on folders in order to avoid deletion of a folder and its content by other users though they having write permissions on the folder contents. If Sticky bit is enabled on a folder, the folder contents are deleted by only owner who created them and the root user. No one else can delete other users data in this folder(Where sticky bit is set). This is a security measure to avoid deletion of critical folders and their content(sub-folders and files), though other users have full permissions.

For example: Create a project where people will try to dump files for sharing, but they should not delete the files created by other users.

How can I setup Sticky Bit for a Folder?

Sticky Bit can be set in two ways

Symbolic way (t, represents sticky bit)
Numerical/octal way (1, Sticky Bit bit as value 1)

Use chmod command to set Sticky Bit on Folder: /opt/dump/

Symbolic way:

[root@linuxguide ]$ chmod o+t /opt/dump/
or
[root@linuxguide ]$ chmod +t /opt/dump/

Let me explain above command, We are setting Sticky Bit(+t) to folder /opt/dump by using chmod command.

Numerical way:

[root@linuxguide ]$ chmod 1757 /opt/dump/

Here in 1757, 1 indicates Sticky Bit set, 7 for full permissions for owner, 5 for read and execute permissions for group, and full permissions for others.

Checking if a folder is set with Sticky Bit or not?

Use ls –l to check if the x in others permissions field is replaced by t or T

For example: /opt/dump/ listing before and after Sticky Bit set

Before Sticky Bit set:

[root@linuxguide ]$ ls -l
total 8
-rwxr-xrwx 1 abc abcgroup 148 Oct 22 06:16 /opt/dump/

After Sticky Bit set:

[root@linuxguide ]$ ls -l
total 8
-rwxr-xrwt 1 abc abcgroup 148 Feb 22 04:26 /opt/dump/

Sticky Bit FAQs:

Now sticky bit is set, lets check if user “temp” can delete this folder which is created xyz user.

[root@linuxguide ]$ rm -rf /opt/dump

rm: cannot remove '/opt/dump': Operation not permitted

[root@linuxguide ]$ ls -l /opt
total 8
drwxrwxrwt 4 abc abcgroup 4096 2011-01-01 18:31 dump

if you observe other user is unable to delete the folder /opt/dump. And now content in this folder such as files and folders can be deleted by their respective owners who created them. No one can delete other users data in this folder though they have full permissions.

I am seeing “T” ie Capital s in the file permissions, what’s that?

After setting Sticky Bit to a file/folder, if you see ‘T’ in the file permission area that indicates the file/folder does not have executable permissions for all users on that particular file/folder.

Sticky bit without Executable permissions:

so if you want executable permissions, Apply executable permissions to the file.
chmod o+x /opt/dump/

ls -l command output:
-rwxr-xrwt 1 abc abcgroup 0 Mar 6 12:24 /opt/dump/

Sticky bit with Executable permissions:

you should see a smaller ‘t’ in the executable permission position.

How can I find all the Sticky Bit set files in Linux/Unix.

find / -perm +1000

The above find command will check all the files which is set with Sticky Bit bit(1000).

Can I set Sticky Bit for files?

Yes, but most of the time it’s not required.

How can I remove Sticky Bit bit on a file/folder?

chmod o-t /opt/dump/

06 September, 2013

Linux File and Folder Permissions

Introduction

File and folder security is an important element of any OS and Linux operating system is no exception!

These permits allow you to choose exactly who can access the files and folders that provides a comprehensive security system improved. Now consider a directory on your Linux server lab, to help us understand the information provided. While a simple 'ls' will give you the file and the list of directories in a given directory, add the '-l' reveals a number of new areas.

So what does all this output mean ? Especially all those 'rwx' lines?!

Let's start from scratch, the analysis of the information contained in the following command. From right to left, we have the file and the directory name. Then we will find the time and date of creation. The next column contains the file size in bytes - nothing special here. Next column shows the permissions. Each file in Linux is "owned" by a particular user, usually the user (owner) who created the file, but you can always give the property to another person. The owner could belong to a particular group, in this case, the file is also associated with the user group. The system identifies files by their inode number, which is the unique identification system for the file. Now, for the last column, the first left that contains the '-rw-r--r--' characters. These are the effective permissions set for the file or directory that are studied in particular.

[root@linuxguide work]# ls -l
total 0
-rw-r--r-- 1 root root 0 Jan 2 16:22 file1
-rw-r--r-- 1 root root 0 Jan 2 16:22 file2
-rw-r--r-- 1 root root 0 Jan 2 16:22 file3
-rw-r--r-- 1 root root 0 Jan 2 16:22 file4
-rw-r--r-- 1 root root 0 Jan 2 16:22 file5
-rw-r--r-- 1 root root 0 Jan 2 16:22 file6
-rw-r--r-- 1 root root 0 Jan 2 16:22 file7
-rw-r--r-- 1 root root 0 Jan 2 16:22 file8
-rw-r--r-- 1 root root 0 Jan 2 16:22 file9

To make things easier, we've split the permissions section into a further 4 columns as shown above. The first column indicates whether we are talking about a directory (d), file (-) or link (l).

Column 2 refers to the user rights. This is the owner of the file, directory or link and these three characters determine what the owner can do with it.

The 3 characters on column 2 are the permissions for the owner (user) of the file or directory. The next 3 are permissions for the group that the file is owned by and the final 3 characters define the access permissions for the others group, that is, everyone else not part of the group.

So, there are 3 possible attributes that make up file access permissions:

r - Read permission. Whether the file may be read. In the case of a directory, this would mean the ability to list the contents of the directory.
w - Write permission. Whether the file may be written to or modified. For a directory, this defines whether you can make any changes to the contents of the directory. If write permission is not set then you will not be able to delete, rename or create a file.
x - Execute permission. Whether the file may be executed. In the case of a directory, this attribute decides whether you have permission to enter, run a search through that directory or execute some program from that directory.

Here are some more examples focusing on the permissions:

-r--r--r-- :This means that owner, group and everyone else has only read permissions to the file (remember, if there's no 'd' or 'l', then we are talking about a file).
-rw-rw-rw- : This means that the owner, group and everyone else has read and write permissions.
-rwxrwxrwx : Here, the owner, group and everyone else has full permissions, so they can all read, write and execute the file (-).

Modifying Ownership & Permissions

So how do you change permissions or change the owner of a file?

Changing the owner or group owner of a file is very simple, you just type 'chown user:group filename.ext', where 'user' and 'group' are those to whom you want to give ownership of the file. The 'group' parameter is optional, so if you type 'chown asifark file.txt', you will give ownership of file.txt to the user named asifark.

In the case of a directory, nothing much changes as the same command is used. However, because directories usually contain files that also need to be assigned to the new user or group, we use the '-R' flag, which stands for 'recursive' - in other words all subdirectories and their files: 'chown -R user:group dirname'.

To change permissions you use the 'chmod' command. The possible options here are 'u' for the user, 'g' for the group, 'o' for other, and 'a' for all three. If you don't specify one of these letters it will change to all by default. After this you specify the permissions to add or remove using '+' or '-' . Let's take a look at an example to make it easier to understand:

If we wanted to add read, write and execute to the user of a particular file, we would type the following 'chmod u+rwx file.txt'. If on the other hand you typed 'chmod g-rw file.txt' you will take away read and write permissions of that file for the group .

While it's not terribly difficult to modify the permissions of a file or directory, remembering all the flags can be hard. Thankfully there's another way, which is less complicated and much faster. By replacing the permissions with numbers, we are able to calculate the required permissions and simply enter the correct sum of various numbers instead of the actual rights.

The way this works is simple. We are aware of three different permissions, Read (r), Write (w) and Execute (x). Each of these permissions is assigned a number as follows:

r (read) - 4
w (write) - 2
x (execute) - 1

Now, to correctly assign a permission, all you need to do is add up the level you want, so if you want someone to have read and write, you get 4+2=6, if you want someone to have just execute, it's just 1.. zero means no permissions. You work out the number for each of the three sections (owner, group and everyone else).

If you want to give read write and execute to the owner and nothing to everyone else, you'd get the number 700. Starting from the left, the first digit (7) presents the permissions for the owner of the file, the second digit (0) is the permissions for the group, and the last (0) is the permissions for everyone else. You get the 7 by adding read, write and execute permissions according to the numbers assigned to each right as shown in the previous paragraphs: 4+2+1 = 7.

If on the other hand you decide not to give anyone any permission, you would use '000' (now nobody can access the file, not even you!). However, you can always change the permissions to give yourself read access, by entering 'chmod 400 file.txt'.

For more details on the 'chmod' command, please take a look at the man pages.

As we will see soon, the correct combination of user and group permissions will allow us to perform our work while keeping our data safe from the rest of the world.

The world of Linux permissions is pretty user friendly as long as you see from the right perspective. Practice and reviewing the theory will certainly help you remember the most important information so you can perform your work without much trouble.

If you happen to forget something, you can always re-visit us, we will welcome you any time of the day :)

30 August, 2013

Linux Boot Process and Run Levels

What is GRUB

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Briefly, a boot loader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to the operating system kernel software (such as the Hurd or Linux). The kernel, in turn, initializes the rest of the operating system (e.g. GNU).

Linux Boot Process

Press the power button on your system, and after few moments you see the Linux login prompt.

Have you ever wondered what happens behind the scenes from the time you press the power button until the Linux login prompt appears?

The following are the 6 high level stages of a typical Linux boot process.

1. BIOS

    BIOS stands for Basic Input/Output System
    Performs some system integrity checks
    Searches, loads, and executes the boot loader program.
    It looks for boot loader in floppy, cd-rom, or hard drive. You can press a key (typically F12 of F2, but it depends on your system) during the BIOS startup to change the boot sequence.
    Once the boot loader program is detected and loaded into the memory, BIOS gives the control to it.
    So, in simple terms BIOS loads and executes the MBR boot loader.

2. MBR

    MBR stands for Master Boot Record.
    It is located in the 1st sector of the bootable disk. Typically /dev/hda, or /dev/sda
    MBR is less than 512 bytes in size. This has three components 1) primary boot loader info in 1st 446 bytes 2) partition table info in next 64 bytes 3) mbr validation check in last 2 bytes.
    It contains information about GRUB (or LILO in old systems).
    So, in simple terms MBR loads and executes the GRUB boot loader.

3. GRUB

    GRUB stands for Grand Unified Bootloader.
    If you have multiple kernel images installed on your system, you can choose which one to be executed.
    GRUB displays a splash screen, waits for few seconds, if you don’t enter anything, it loads the default kernel image as specified in the grub configuration file.
    GRUB has the knowledge of the filesystem (the older Linux loader LILO didn’t understand filesystem).
    Grub configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this). The following is sample grub.conf of CentOS.

    ----------------------------------------------------------------------------------------------------------------------------
    #boot=/dev/sda
    default=0
    timeout=5
    splashimage=(hd0,0)/boot/grub/splash.xpm.gz
    hiddenmenu
    title CentOS (2.6.18-194.el5PAE)
              root (hd0,0)
              kernel /boot/vmlinuz-2.6.18-194.el5PAE ro root=LABEL=/
              initrd /boot/initrd-2.6.18-194.el5PAE.img
    ----------------------------------------------------------------------------------------------------------------------------

    As you notice from the above info, it contains kernel and initrd image.
    So, in simple terms GRUB just loads and executes Kernel and initrd images.

4. Kernel

    Mounts the root file system as specified in the “root=” in grub.conf
    Kernel executes the /sbin/init program
    Since init was the 1st program to be executed by Linux Kernel, it has the process id (PID) of 1. Do a ‘ps -ef | grep init’ and check the pid.
    initrd stands for Initial RAM Disk.
    initrd is used by kernel as temporary root file system until kernel is booted and the real root file system is mounted. It also contains necessary drivers compiled inside, which helps it to access the hard drive partitions, and other hardware.

5. Init

    Looks at the /etc/inittab file to decide the Linux run level.
    Following are the available run levels
        0 – halt
        1 – Single user mode
        2 – Multiuser, without NFS
        3 – Full multiuser mode
        4 – unused
        5 – X11
        6 – reboot
    Init identifies the default initlevel from /etc/inittab and uses that to load all appropriate program.
    Execute ‘grep initdefault /etc/inittab’ on your system to identify the default run level
    If you want to get into trouble, you can set the default run level to 0 or 6. Since you know what 0 and 6 means, probably you might not do that.
    Typically you would set the default run level to either 3 or 5.

6. Runlevel programs

    When the Linux system is booting up, you might see various services getting started. For example, it might say “starting sendmail …. OK”. Those are the runlevel programs, executed from the run level directory as defined by your run level.
    Depending on your default init level setting, the system will execute the programs from one of the following directories.
        Run level 0 – /etc/rc.d/rc0.d/
        Run level 1 – /etc/rc.d/rc1.d/
        Run level 2 – /etc/rc.d/rc2.d/
        Run level 3 – /etc/rc.d/rc3.d/
        Run level 4 – /etc/rc.d/rc4.d/
        Run level 5 – /etc/rc.d/rc5.d/
        Run level 6 – /etc/rc.d/rc6.d/

Please note that there are also symbolic links available for these directory under /etc directly. So, /etc/rc0.d is linked to /etc/rc.d/rc0.d.

Under the /etc/rc.d/rc*.d/ directories, you would see programs that start with S and K.

Programs starts with S are used during startup. S for startup.
Programs starts with K are used during shutdown. K for kill.
There are numbers right next to S and K in the program names. Those are the sequence number in which the programs should be started or killed.

For example, S12syslog is to start the syslog deamon, which has the sequence number of 12. S80sendmail is to start the sendmail daemon, which has the sequence number of 80. So, syslog program will be started before sendmail.

There you have it. That is what happens during the Linux boot process.

File needs to update if required to change default runlevel 5 to 3

File is /etc/inittab and required to change below lines:
id:5:initdefault: to id:3:initdefault:

Finger command can be used to showing user info like Login Name, Canonical Name, Home Directory, Shell etc.

16 June, 2013

Linux Password Aging Policy

Password change for users on a regular basis is a best practice. But the users of linux system and developers are forced with reminder to change their password becuase they don't have habit to change password, so password change reminder is the responsibility of system administrators. We will discuss how we use Linux "chage" command to perform activities of password aging policy.

Install "chage" command as shown below:

[root@linuxguideco /]# yum install chage
    chage will be installed.

In this article we will describe the "chage" command usage with examples.

Following is the syntax for the 'chage' command.
[root@linuxguideco /]# chage [options] user

Following are the commonly used "chage" command options:

-m    option specifies the minimum number of days between which the user must change passwords. The password doesn't expire if value is 0(zero).
-M    maximum number of days the password is valid.
-d   to set the number of days since February 3, 1973 the password was changed.
-I specifies the number of inactive days after the password expiration before locking the account.
-E    specifies expire the account on mentioned date (YYYY-MM-DD format)
-W   specifies the number of days before password expiry date to warn the user.

To show user's aging information with -l option for user (asiface)

[root@linuxguideco /]# chage -l asiface
Last password change                                             : May 25, 2013
Password expires                                        : never
Password inactive                                            : never
Account expires                                  : never
Minimum number of days between password change      : 0
Maximum number of days between password change     : 99999
Number of days of warning before password expires    : 7
[root@linuxguideco /]#

Set the password expiry date for user asiface. The valid date format is YYYY-MM-DD or MM/DD/YYYY.

[root@linuxguideco /]# chage -E 06/15/2013 asiface

[root@linuxguideco /]# chage -l asiface
Last password change                                       : May 25, 2013
Password expires                                          : never
Password inactive                                          : never
Account expires                                        : Jun 15, 2013
Minimum number of days between password change : 0
Maximum number of days between password change   : 99999
Number of days of warning before password expires : 7
[root@linuxguideco /]#

Remove account's expiration date with -1.

[root@linuxguideco /]# chage -E -1 asiface

[root@linuxguideco /]# chage -l asiface
Last password change                                         : May 25, 2013
Password expires                                        : never
Password inactive                                            : never
Account expires                                          : never
Minimum number of days between password change      : 0
Maximum number of days between password change     : 99999
Number of days of warning before password expires       : 7

Specify the number of days before the end of the account date a warning to change your password.

[root@linuxguideco /]# chage -W 8 asiface

[root@linuxguideco /]# chage -l asiface
Last password change                                   : May 25, 2013
Password expires                                          : never
Password inactive                                        : never
Account expires                                          : never
Minimum number of days between password change : 0
Maximum number of days between password change    : 99999
Number of days of warning before password expires      : 8

Specify the minimum number of days that must pass before the password must be changed. (Calculated from the date when the password was last changed.)

[root@linuxguideco /]# chage -m 12 asiface

[root@linuxguideco /]# chage -l asiface
Last password change                                       : May 25, 2013
Password expires                                      : never
Password inactive                                        : never
Account expires                                        : never
Minimum number of days between password change    : 12
Maximum number of days between password change    : 99999
Number of days of warning before password expires : 8

Set the maximum number of days which pwd must be changed.

[root@linuxguideco /]# chage -M 30 asiface

[root@linuxguideco /]# chage -l asiface
Last password change                                   : May 25, 2013
Password expires                                          : Jun 24, 2013
Password inactive                                            : never
Account expires                                        : never
Minimum number of days between password change      : 12
Maximum number of days between password change     : 30
Number of days of warning before password expires    : 8

Specify the number of days after the password expires when the account is locked.

[root@linuxguideco /]# chage -I 22 asiface

[root@linuxguideco /]# chage -l asiface
Last password change                                       : May 25, 2013
Password expires                                      : Jun 24, 2013
Password inactive                                      : Jul 16, 2013
Account expires                                          : never
Minimum number of days between password change      : 12
Maximum number of days between password change     : 30
Number of days of warning before password expires       : 8

To apply user's password aging with a single command, use the command as shown below.

[root@linuxguideco /]# chage -E 06/15/2013 -W 8 -m 12 -M 30 -I 22 asiface

[root@linuxguideco /]# chage -l asiface
Last password change                                      : May 25, 2013
Password expires                                         : Jun 24, 2013
Password inactive                                         : Jul 16, 2013
Account expires                                               : Jun 15, 2013
Minimum number of days between password change    : 12
Maximum number of days between password change    : 30
Number of days of warning before password expires        : 8

It can be disabled passwords aging in a single command, as shown below, for example.

[root@linuxguideco /]# chage -E -1 -W 7 -M 99999 -m 0 -I -1 asiface

[root@linuxguideco /]# chage -l asiface
Last password change                                     : May 25, 2013
Password expires                                          : never
Password inactive                                          : never
Account expires                                              : never
Minimum number of days between password change      : 0
Maximum number of days between password change   : 99999
Number of days of warning before password expires        : 7

To change password forcefully at first login to user. Command as shown below:

[root@linuxguideco /]# chage -d 0 asiface

[root@linuxguideco /]# chage -l asiface
Last password change                                  : password must be changed
Password expires                                       : never
Password inactive                                           : never
Account expires                                             : never
Minimum number of days between password change       : 0
Maximum number of days between password change      : 99999
Number of days of warning before password expires       : 7

When you attempt to login, following message will be appeared.
you are required to change your password immediately (root enforced)

Learn more about how the chage command use in linux, just type 'man chage' to view the detailed manual.

27 May, 2013

User and Group Management

A new user or update default new user information creates with useradd command. Usermod command modifies a user account; it is helpful to add a user to an existing group. Group has two types. The first is primary group of users and another is a secondary group. All information related to user accounts is stored in /etc/passwd, /etc/shadow, and /etc/group files to store user information.

The following commands are used to manage users and groups for all operations:
id, useradd, usermod, userdel, groupadd, groupdel, groupmod, passwd

User info

The id command shows information for a said user. It will use like this:
[root@linuxguideco /]# id user1
uid=502(user1) gid=503(user1) groups=503(user1)

Create a user

To create a new user:
[root@linuxguideco /]# useradd -c "User for Training Purpose" user1

The recently created user have to assign a password with passwd command for activation of the user. Some useful useradd options include the following:
-c : to sets a comment for the user.
-s : is used to define the default login shell of the user. If default login shell is not used then the system default shell becomes the user’s default login shell.
-r : option is create a user with UID<500 (system account)
-d : option is set the home directory of the user. The default home directory will be created.
-M : the home directory is not created. This is useful when the directory already exists.

Add a new user to existing secondary group

[root@linuxguideco /]# useradd -G group2 user2

[root@linuxguideco /]# grep group2 /etc/group
group2:x:505:user2

Change password of the user

[root@linuxguideco /]# passwd user2
Changing password for user user2.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@linuxguideco /]#

Note that capital G (-G) option add user to a list of groups, only use comma in between groups without space. As shown below example:

[root@linuxguideco /]# useradd -G group3,group4,group5,group6 user3

If we don't specify username, then password will be changed of currently logged in user.

Add a user to a group

To modify user account's settings, we will use usermod command. We can check manual of usermod command with man page for available options. Add a user to a group is one of the useful command with usermod:

[root@linuxguideco /]# usermod -a -G group3 user3

Remove a user from a group

It a trickier to remove a user from a group. We can do that from command line. First of all you need to check a list of groups that your user is a member of:

[root@linuxguideco /]# id -nG user3
group3 group4 group5 group6

After that you need to put all groups with separated by comma to the usermod -G option, except the group which you want the user to be removed. So, to remove the user3 from group6, as shown below:

[root@linuxguideco /]# usermod -G group3,group4,group5 user3
[root@linuxguideco /]#

[root@linuxguideco /]# id -nG user3
group3 group4 group5

Lock and Unlock user accounts

Usermod command uses to lock and unlock user accounts. See shown below to lock out a user:

[root@linuxguideco /]# usermod -L user1

To unlock the user:

[root@linuxguideco /]# usermod -U user1

Delete a user

Userdel command is used to delete a user account. If we use the -r option then the user’s home directory and mail spool are also deleted:

[root@linuxguideco /]# userdel -r user1

Create a new group

To create a new group, as shown below:

[root@linuxguideco /]# groupadd linuxguide

The -r option can be used to create a group with GID<500 (system).

[root@linuxguideco /]# grep linuxguide /etc/grouplinuxguide:x:158:

Change a group’s name

Groupmod can be used to change a group name:

[root@linuxguideco /]# groupmod -n linuxtutorial linuxguide

[root@linuxguideco /]# grep linuxtutorial /etc/group
linuxtutorial:x:158:

Delete a group

Groupdel can delete a group:

[root@linuxguideco /]# groupdel linuxtutorial

User must be deleted before deleting a primary group of the user in the home directory, user's group will be same as username.

You can go to manual pages for more info of commands. We will type as shown below:
[root@linuxguideco /]# man adduser

21 May, 2013

Archiving and Compression

ZIP Command Basics

HOW-to zip multiple files

[root@linuxguideco backup]# zip linuxguide_file.zip linuxguide_file1 linuxguide_file2
updating: linuxguide_file1 (deflated 99%)
adding: linuxguide_file2 (deflated 99%)
[root@linuxguideco backup]#

HOW-to zip a directory and its files recursively

[root@linuxguideco /]# zip -r /backup/linuxguide.zip linuxguide

sample output
[root@linuxguideco backup]# ls -l
total 36976
-rw-r--r-- 1 root root 37816934 May 12 11:23 linuxguide.zip

HOW-to unzip a *.zip compressed file

[root@linuxguideco backup]# unzip linuxguide.zip

To see a output during unzip pass the -v option as shown below.
[root@linuxguideco backup]# unzip -v linuxguide.zip

sample output
[root@linuxguideco backup]# unzip -v linuxguide.zip
Archive: linuxguide.zip
Length   Method    Size Ratio   Date   Time   CRC-32    Name
-------- ------ ------- -----   ----   ----   ------    ----
    0 Stored        0   0% 05-12-13 11:17 00000000 linuxguide/
    856   Defl:N      628 54% 02-23-12 18:34 de237f42 linuxguide/rmt
   1498 Defl:N      685 54% 05-12-13 11:07 f93e84c3 linuxguide/updatesd
    -skip-
    118 Defl:N      102 14% 05-12-13 11:07 ad292c9a linuxguide/cups
    354 Defl:N      201 43% 05-12-13 11:07 3a5bd10d linuxguide/tmpwatch
--------          ------- ---                            -------
190712477         37281378 81%                            3037 files

HOW-to list a content of zip file with uncompressing it

[root@linuxguideco backup]# unzip -l linuxguide.zip

sample output
Archive: linuxguide.zip
      Length     Date   Time    Name
      --------    ----   ----    ----
          0 05-12-13 11:17   linuxguide/
       223 05-12-13 11:07   linuxguide/nmptra
       877 05-12-13 11:07   linuxguide/mon
      -skip-
       296 05-12-13 11:07   linuxguide/ntpd
       418 05-12-13 11:07   linuxguide/akewha
       078 08-29-12 16:28   linuxguide/wat
       137 05-12-13 11:07   linuxguide/mlocat
       --------                   -------
       190712477                   3037 files

Zip command advanced compression

There are 10 levels of compression by zip command provided.

Level 0 (zero) is the lowest level where there is the archive file without compression.
Level 1 performs little compression. But it will be very fast.
Level 6 is the default level compression.
Level 9 is the maximum compression. It will be slower compared to the default level. In my opinion, if you compress a large file, you should always use level 9.

In the example below, I have level 0 (zero), level 1, default level 6 and level 9 compression to the same directory. See the compressed file size.

[root@linuxguideco /]# zip /backup/linuxguide_file.zip /linuxguide_file
updating: linuxguide_file (deflated 99%)

[root@linuxguideco /]# zip -0 /backup/linuxguide_file-0.zip /linuxguide_file
adding: linuxguide_file (stored 0%)

[root@linuxguideco /]# zip -1 /backup/linuxguide_file-1.zip /linuxguide_file
adding: linuxguide_file (deflated 97%)

[root@linuxguideco /]# zip -6 /backup/linuxguide_file-6.zip /linuxguide_file
adding: linuxguide_file (deflated 99%)

[root@linuxguideco /]# zip -9 /backup/linuxguide_file-9.zip /linuxguide_file
adding: linuxguide_file (deflated 99%)

[root@linuxguideco backup]# ls -lhtr
total 2.7M
-rw-r--r-- 1 root root 1.3M May 14 05:44 linuxguide_file
-rw-r--r-- 1 root root 1.3M May 14 05:39 linuxguide_file-0.zip
-rw-r--r-- 1 root root 41K May 14 05:40 linuxguide_file-1.zip
-rw-r--r-- 1 root root 13K May 14 05:40 linuxguide_file-6.zip
-rw-r--r-- 1 root root 12K May 14 05:41 linuxguide_file-9.zip
-rw-r--r-- 1 root root 13K May 14 05:42 linuxguide_file.zip
[root@linuxguideco backup]#

Validate a Zip Archive

Sometimes you may want to validate a zip archive without extracting. To test the validity of the zip file, pass the option -t as shown below.

[root@linuxguideco backup]# unzip -t linuxguide_file.zip
Archive: linuxguide_file.zip
    testing: linuxguide_file          OK
No errors detected in compressed data of linuxguide_file.zip.

HOW-to unzip a file

[root@linuxguideco backup]# unzip linuxguide_file-9.zip
Archive: linuxguide_file-9.zip
inflating: linuxguide_file
[root@linuxguideco backup]#

Zip files password protection

Pass the option -P to the zip command to assign a password to the zip file.

[root@linuxguideco backup]# zip -P mysecurepwd linuxguide_file-protected.zip linuxguide_file
adding: linuxguide_file (deflated 99%)
[root@linuxguideco backup]#

[root@linuxguideco backup]# unzip linuxguide_file-protected.zip
Archive: linuxguide_file-protected.zip
[linuxguide_file-protected.zip] linuxguide_file password:
inflating: linuxguide_file
[root@linuxguideco backup]#

The above option is good if you use the command in a shell-script for background work. On the other hand, if you perform the compression on the interactive command line, you do not want to be seen in the password history. So it will use the option -e as shown below to assign a password.

[root@linuxguideco backup]# zip -e linuxguide_file-protected.zip linuxguide_file
Enter password:
Verify password:
adding: linuxguide_file (deflated 99%)
[root@linuxguideco backup]#

When you unzip a password protected file, it will ask for the password, as shown below.

[root@linuxguideco backup]# unzip linuxguide_file-protected.zip
Archive: linuxguide_file-protected.zip
[linuxguide_file-protected.zip] linuxguide_file password:
inflating: linuxguide_file
[root@linuxguideco backup]#

Tar command (tape archive)

tar command is used to convert a group of files into an archive.

The following command created a single archive backup file /backup/abc.tar. This archive will contain all the files and subdirectories.

[root@linuxguideco backup]# tar cvf /backup/abc.tar /abc/

sample output
/abc/abcnss_compat
/abc/abcpamc
/abc/abccap
-skip-
/abc/iptables/abcip6
/abc/iptables/abci
/abc/iptables/policy
[root@linuxguideco backup]#

option t will display all the files from the tar archive.

[root@linuxguideco backup]# tar tvf /backup/abc.tar

drwxr-xr-x root/root    0 2013-04-01 19:35:45 abc/
-rwxr-xr-x root/root     36468 2013-01-08 18:33:16 abc/abcnss
-rwxr-xr-x root/root     9868 2013-01-09 10:30:33 abc/abcpamc
-rw-r--r-- root/root       390824 2009-03-25 06:52:17 abc/abcgobject
-skip-
-rwxr-xr-x root/root      5312 2012-10-30 21:07:16 abc/abcipt_ah
-rwxr-xr-x root/root      8432 2012-10-30 21:07:16 abc/abcip6
-rwxr-xr-x root/root      6932 2012-10-30 21:07:16 abc/abcipL
-rwxr-xr-x root/root     10420 2012-10-30 21:07:16 abc/abcip6
[root@linuxguideco backup]#

x option to extract the files from the tar archive as shown below. This will extract the contents of the current directory location where the command is run.

[root@linuxguideco backup]# tar xvf /backup/abc.tar

abc.tar will be extracted.

[root@linuxguideco backup]# du -hsc /abc.tar
127M    /abc.tar
127M    total

HOW-to gzip with tar

Add option z to the tar command when dealing with tar.gz compressed file.

[root@linuxguideco backup]# tar cvfz /backup/linuxg.tar.gz /linuxguide

linuxguide/abc.tar
[root@linuxguideco tmp]#

option x will extract all the files from the tar archive.

[root@linuxguideco backup]# tar xvfz /backup/linuxg.tar.gz

option t will display all the files from the tar archive.

[root@linuxguideco backup]# tar tvfz /backup/linuxg.tar.gz

[root@linuxguideco backup]# du -hsc linuxg.tar.gz
60M     linuxg.tar.gz
60M     total

Note: Using gzip is faster when compared to bzip2.

HOW-to use bzip2 with tar

Add option j to the tar command when dealing with tar.bz2 compressed file.

[root@linuxguideco backup]# tar cvfj /backup/linuxg.tar.bz2 /linuxguide
/tmp/linuxguide/abc.tar
[root@linuxguideco tmp]#

option x will extract all the files from the tar archive.

[root@linuxguideco backup]# tar xvfj /backup/linuxg.tar.bz2

option t will display all the files from the tar archive.

[root@linuxguideco backup]# tar tvfj /backup/linuxg.tar.bz2

Note: Using bzip2 gives higher level of compression when compared to gzip.

In the end, we will summarize this topic what we've learnt from it. Highlights of the article is mentioned below:

how to zip multiple files
zip a directory and its files recursively
unzip a *.zip compressed file
unzip a zip file with v option
list a content of zip file with l option
zip command with advanced compression
validate a zip archive with t option
zip files with password protection
tar (tape archive) command
how to use gzip and bzip2 with tar

We've prepared it and hope it would be helpful for Linux learners.

Pages