Understanding “fsck” in Linux

Importance of FSCK Utility

No one can predict when a system will crash or a filesystem will become corrupt, and when that happens you may lose valuable data from your hard drive. If you find that your filesystem has such an inconsistency, run fsck to check its integrity. This is done with the special command called “fsck” (filesystem consistency check). You can run this command manually, or it can be started at boot time.

You will need to run “fsck” in the following situations:

1. Taking a backup of your filesystem

2. Files on your system become corrupt

3. To do the consistency check

Ex:1 To run fsck on the filesystem

Syntax:

#fsck   <filesystem>    or   fsck   <mount point dir>

Note: To run fsck on a filesystem, the filesystem must be unmounted and inactive. You should never run fsck on a mounted partition; doing so would corrupt the filesystem.

First check whether the filesystem is mounted or unmounted by using the following command:

#df  -h

As you can see from the above output, /dev/sda2 is mounted. Now unmount this filesystem by using the following command:

#umount  /dev/sda2
#df  -h

Now run fsck on this filesystem for an integrity check:

#fsck  /dev/sda2

As you can see from the output, fsck hasn’t found any errors in the /dev/sda2 filesystem.

To Repair Linux Filesystem Errors Automatically

When a filesystem has more than one error, fsck asks for confirmation before it repairs each of them. Apply the -y option with the fsck command to do the check and repair automatically.

#fsck  -y   /dev/sda2

Running fsck on a mounted partition:

If you run fsck on an active partition, the file system will go into a corrupted state.

Understanding fsck exit codes

After running fsck, we get an exit code. Below are some of the important codes returned after the execution:

0 = No errors

1 = File system error corrected

2 = System should be rebooted

4 = File system error left uncorrected

16 = Syntax error

32 = Checking cancelled by the user

To check the fsck exit code, run the following command right after fsck:

#fsck  /dev/sda2

#echo $?

The above command prints the exit code of the fsck command that was just executed.

As you can see from the above output, the echo $? command produced the code “0”, which says that no error was found by the fsck scan.
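The mounted-partition warning and the exit codes above, combined into one wrapper as an added example (not from the original article): it refuses to check a device listed in the mount table and decodes the status as a bit mask, because fsck can report several conditions in one code. The function names, the wrapper's own return value 64 and the sample mount table are assumptions of this example; codes 8 and 128 come from the fsck(8) manual page, not from the list above.

```shell
#!/bin/sh
# Added example, not from the original article.

# Constructed sample in /proc/mounts format (device, mount point, type, options).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /data ext4 rw,relatime 0 0
proc /proc proc rw 0 0
EOF
}

# is_mounted DEVICE [MOUNTS_FILE]
# Returns 0 when DEVICE is a mount source in MOUNTS_FILE (default /proc/mounts).
# The match is literal: a device mounted through another name (LVM path,
# /dev/disk/by-uuid symlink) must be passed under the name the table uses.
is_mounted() {
    awk -v d="$1" '$1 == d { found = 1 } END { exit (found ? 0 : 1) }' \
        "${2:-/proc/mounts}"
}

# decode_fsck_status CODE
# fsck adds its conditions together, so the code is tested bit by bit.
decode_fsck_status() {
    code=$1
    if [ "$code" -eq 0 ]; then
        echo "no errors"
        return 0
    fi
    out=""
    for pair in \
        "1:errors corrected" \
        "2:reboot needed" \
        "4:errors left uncorrected" \
        "8:operational error" \
        "16:syntax error" \
        "32:cancelled by user" \
        "128:shared-library error"
    do
        bit=${pair%%:*}
        text=${pair#*:}
        if [ $((code & bit)) -ne 0 ]; then
            out="${out:+$out, }$text"
        fi
    done
    echo "${out:-unknown status $code}"
}

# safe_fsck DEVICE [MOUNTS_FILE]
# Read-only check (-n) that never touches a mounted device.
# Return value 64 is this wrapper's own "refused" code, not an fsck code.
safe_fsck() {
    target=$1
    if is_mounted "$target" "${2:-/proc/mounts}"; then
        echo "refusing: $target is mounted, unmount it first" >&2
        return 64
    fi
    status=0
    fsck -n "$target" || status=$?
    echo "fsck exit status $status: $(decode_fsck_status "$status")"
    return "$status"
}
```

A status of 5, for example, means that some errors were corrected (1) and others were left uncorrected (4), which a plain comparison against single values would miss.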


To check the filesystem for errors without repairing

When you want to scan only for errors and don’t want to repair them, run the below command with the -n option:

#fsck  -n  /dev/sda2

The above command will scan only for the errors.

To run fsck only on unmounted partitions

When you are not sure which partitions are mounted and which are unmounted, run the command below. It runs fsck only on the unmounted partitions; when fsck detects a mounted partition, it skips that partition.

#fsck  -M

To run a fsck check on all the available partitions

To do a filesystem check on all partitions (including the root partition), run the following command with the -A option:

#fsck  -A

A = Run fsck on all the available partitions

If you want to skip running fsck on the root (/) partition, add the -R option to fsck as shown below:

#fsck -AR

The above command skips running fsck on the “/”(root) partition and it runs on all the remaining partitions.

 

I hope you have enjoyed this tutorial if so Kindly subscribe and share it with your friends.
                                          🙏🙏 Thank you 🙏🙏
#############################################################
For More Videos Subscribe My Youtube Channel  Linux Vasanth
If you found this article useful, Kindly Subscribe here 👉  Click this link to Subscribe

################################################################################

 

 

Rhel 6 installation Step by Step

Installing RHEL 6:

Red Hat Enterprise Linux (RHEL 6) is a Linux operating system developed by Red Hat. RHEL is available on multiple platforms including x86, x86_64, IBM P-series and IBM System-Z. Red Hat is one of the most widely used operating systems at the enterprise level. Many other Linux distributions have been cloned from Red Hat Enterprise Linux; these include CentOS and Oracle Linux.

To start the installation process:

Step:1 Select “Install or upgrade the Linux system”

Step:2 Begin Test Media Before Installation

It is always advisable to test the media for errors before starting the installation process. In this example, I chose the skip option as I have done the check already.

Step:3 Welcome screen

At this screen, choose next to continue with the installation

Step:4 Select installation Language

At this screen you should select the language you would like to use during the installation. Here I chose “English”.

Step:5 Select Appropriate Keyboard

Select the keyboard you would like to use. Here I have chosen us-english.

Step:6 Select the devices to be used during the installation

Two options are available here. I have chosen the Basic storage device option, as we are installing on an x86 system using a local hard drive.

Step:7 Configure your Server Host name

Here you have to give a new host name by which the server can be identified on your network.

Step:8  Select your Time Zone

Here you will need to locate the nearest city to your site. I have chosen Asia/Kolkata.

Step:9 Assign a new root user password

You have to set a strong password. Never use a password based on dictionary words. The password should contain upper and lower case letters mixed with special characters.

Step:10 Select Storage Installation type

You can choose from various options: use all available space, delete any existing partition, or create a custom partition layout. Here I go with the custom layout type.

 

Step:11 Select a Disk to create Partition

Here I have only one disk, /dev/sda. Select “Standard partition”.

Step:12 Add the partition “/”

Create the “/” partition with the minimum size; here I gave 18 GB.

Step 13: Confirm the assigned partition details

Select “yes” and press enter to confirm.

Step:14  Writing storage configuration to Disks

Choose write changes to disks and press enter.

Step:15 Choose the Disk to install Boot Loader

Select the disk to install the boot loader on and press enter. Here I chose the /dev/sda disk to install the bootloader.

Step:16 Select the Installation type

The default installation of RHEL is that of a basic server. There are lots of options available depending on what your server will be used for. Depending on which options you choose, various packages will be included automatically with your installation. In this example I have chosen the “Desktop” type.

Step:17 Package installation

Here the packages we have chosen manually will be installed. This process may take a while depending upon your choices.

Step:18 Congratulations your installation is now complete

Congratulations, you have now installed RHEL. You will need to reboot your system.

 

Step:19 Welcome Screen

After the installation, you will get the welcome screen. Choose “forward” to continue.

Step:20 Software updates

From this screen you can install the updates, or choose to install them later.

Step:20 Create a Non-root user account

You should create a non-root user account. This account will be used for all non-administration tasks.

Step:21 Setup Date and Time

Check that you have the correct date and time. You may also choose to synchronize your time with a time server over the network. In real environments, many organizations use separate time servers for this functionality.

Step:22 Kdump

kdump is used to collect the server information after a server crash. You will need to give double the size of the RAM for this configuration.

Step:23 Login Screen

At this login screen, you will need to choose the user account to log in with. Choose others and give “root” in the username field to log in to the server as the root user.


Monitoring Commands in RedHat Linux Servers

Important Monitoring commands in Linux

For a system and network administrator, it’s very tough to debug and monitor Linux server activity and performance daily. In this tutorial, I have compiled some important monitoring commands that might be useful for Linux/UNIX administrators. All these commands are available under all flavors of UNIX, and they are very useful in probing the cause of errors.

1. vmstat (Virtual Memory Statistics):

This command displays statistics of virtual memory, CPU activity, IO blocks, kernel threads and many more.

Some Linux distributions do not have this command by default. You will need to install the sysstat package, which contains the vmstat command.

#vmstat

2. To check the Active and Inactive Memory Details:
#vmstat -a

From the above output, you can check the active and inactive memory details. The columns have the following meaning:

si = Swapped in every second from disk in kilobytes

so = Swapped out every second to disk in kilobytes

free = Total free memory space

3. lsof (List of Open Files):

This command is very useful for analyzing which processes are accessing and opening files. Open files include disk files, pipes, devices and network sockets. For example, when you try to unmount a filesystem and it does not unmount, some process is accessing that filesystem; to check which processes are accessing it, run the “lsof” command to get the full report. With this command, we can easily identify which files are in use.

4. To list all open files
#lsof

The above output shows the long listing of open files.

FD = File descriptor. Under this column we will see values such as:

cwd = Current working directory

rtd = Root directory

mem = Memory mapped file

txt = Program text (data and code)

TYPE = Type of the file and its identification:

DIR = Directory

REG = Regular file

To learn more about the “lsof” command, see the article “Importance of lsof command”.


5. tcpdump (Network Packet Analyzer):

tcpdump is the most useful command-line network packet analyzer, or packet sniffer, for capturing the TCP/IP packets received or transferred on a specified network adapter. This tool also has an option to save the captured data to a file for further analysis.

6. To capture the packets from a specific interface:
#tcpdump   -i   eth0

eth0 = Logical name of the network adapter; 0 indicates the first adapter

Cancel the program by pressing ctrl+c, and you will see the below output.

Note: This command saves the output in "pcap" format which can be viewed only by the "tcpdump" command

7. To capture only “N” number of packets:

By default the “tcpdump” command captures all the packets on the specified interface until you cancel the program. By using the “-c” option you can capture a specified number of packets.

The example below captures only 4 packets:

#tcpdump   -c 4 -i eth0

8. To check the Number of Interfaces in your Server, run the following command
#tcpdump  -D

8. To capture and save the Packets in a File:
#tcpdump   -w   mylog.pcap    -i   eth0

mylog.pcap = filename along with the extension .pcap

9. To View the Captured Packet Files
#tcpdump   -r    mylog.pcap

10. To Capture Packets from a specific Port:

For example, to capture the packets from the “ssh” port, run the following command:

#tcpdump   -i  eth0  port  22

11. Netstat (Network Statistics):

This command is very useful for monitoring incoming and outgoing packets, and you can also monitor interface statistics. When you have connectivity issues with your server, the first thing to check is whether the port is in the listening or non-listening state, which can be done with the netstat command. This command is very useful for network administrators to check and analyze network-related problems.

12. To check all Listening ports of TCP and UDP Connections:
#netstat -a  |more

The above output shows that one client, from the IP 192.168.1.175, is connected to my server via the ssh port and the connection status is ESTABLISHED.

13. To List only TCP connection details
#netstat -at

14. To Display the Full Statistics by Protocols:

By default, the statistics can be displayed only for the TCP, UDP, ICMP, and IP protocols. The -s option is used to specify a set of protocols.

#netstat  -s

You can check the full statistics by protocol, such as the number of active connections, the total number of packets received and dropped, and many more.

15. To display the statistics for the TCP protocol.
#netstat  -st

You can check the total number of active connections and failed attempts for this protocol, and much more, with this command.


16. IOTOP Command:

This command is very similar to the “top” command; the only difference is that with iotop you can check real-time disk I/O and processes. This command is useful for finding the exact processes with high disk read/write usage.


 

Rescue Mode In RedHat Linux

What is Rescue Mode?

When something goes wrong in your Linux box, there are many ways to resolve it; however, these methods require that you understand the system very well. As the name implies, rescue mode is there to rescue you from something. In normal operation, a Red Hat Linux system uses the files located on the system’s hard drive to do everything. But there may be a time when you are unable to get Linux running completely enough to access the files on your system’s hard drive. With rescue mode, it is possible to access the files stored on your system’s hard drive even if you can’t actually run Linux from that hard drive.

When is Rescue Mode required?

You might need to boot into rescue mode for any of the following reasons:

1. You forgot the root password and bootloader password

2. You might need to re-install the bootloader (i.e., GRUB)

3. Having software/hardware issues and you need to retrieve some important data from the hard drive

4. Unable to boot Linux into run level 3 or 5

Forgot the root and GRUB password:

What if you forgot your root password? You can boot your system into single user mode, from where you can reset the root password by using the “passwd” command. Going through the bootloader while booting is the only way to get into single user mode. Now what if a bootloader password has been assigned? You then have no way to get into single user mode, and when there is no other way to recover your Linux box, “Rescue Mode” is the only way to resolve all these types of problems.

Having Software/Hardware issues:

There can be many different situations under this category. Things like a failing hard drive, or forgetting to run GRUB after building a new kernel, are two things that can keep you from booting Red Hat Linux. If you can get into rescue mode you may be able to resolve the problems, and you can also get some important files off your failing hard drives.

How to Boot the system in to Rescue Mode?

Use the following steps to boot into rescue mode.

Step1: Boot the system from the Installation Media (CD/DVD)

Once the system has successfully booted from the ISO image, you will get the Red Hat Linux boot screen. Choose “Rescue installed system” from the menu screen.

If the Rescue option is not available, you will need to choose rescue mode by using the following options at the boot prompt:

[F1-main]  [F2:option]  [F3:Genera] [F4:Kernel] [F5:Rescue]

boot: Rescue

Step:2 Choose the Language

Select Language by using the arrow  keys and press enter

 

Step:3 Choose the Keyboard Type

Select the Keyboard type by using the arrow  keys and press enter

 

Step:4 Select the media that contains the Rescue image

Step:5 Network type

If you want to access the system over the network in rescue mode, you can configure it from here. In rescue mode, network configuration is mostly unnecessary.

Step:6 Next, a screen will appear telling you that the program will now attempt to find the Red Hat Linux installation to rescue. Choose “select” and press enter.

Step:7 Now you are in rescue mode. If you grant it, your root filesystem is mounted under the /mnt/sysimage directory; all your files will be mounted under this location. For example, your /etc/inittab file will be available as /mnt/sysimage/etc/inittab.

Once it is mounted under /mnt/sysimage, you will get the below confirmation on your screen.

Step:8 Start the rescue mode shell and press enter

Run the below command after entering in to the command line mode

#chroot   /mnt/sysimage

After this, you can open the system files and make the necessary changes to make the system function properly.

To exit from Rescue mode:

Type the “exit” command twice to come out of the rescue environment:

#exit      (Leaving chroot environment)

#exit      (Leaving Rescue mode and restart)

Then choose “reboot” and press enter. This time your system will restart and reload all the SELinux policies.

 


 

How to Configure SAMBA Server in Red Hat Linux?

In this article, I will explain how to set up SAMBA on Red Hat servers, followed by how to access the samba shared files from a Windows client system.

1. With the help of the SAMBA program, you can configure a Linux server for file and printer sharing with Microsoft Windows clients. SAMBA uses the TCP/IP protocol for sharing data between the cross-platform servers.

2. If you want to use Linux as a file server in a Windows network, you have to know how to configure SAMBA in Linux. Windows and Linux servers use different filesystems, so it is impossible to create a Linux file server just by granting the Windows clients/users access to the Linux files/directories.

3. A Windows server/system would not be able to access the data/files in the Linux directories. There are many differences between Windows and Linux file systems. Let me give you one example:

Windows filenames are not case-sensitive whereas Linux filenames are case-sensitive. In Windows, data.txt and Data.txt are the same file; in Linux, they are two different individual files.

4. Windows uses the CIFS (Common Internet File System) protocol for sharing, and this protocol is developed from the Server Message Block (SMB) protocol.

5. SAMBA is implemented by these two protocols, SMB & CIFS.

6. Linux doesn’t have SMB support by default, which is why SAMBA is required here. SAMBA imitates the behavior of a Windows file server by configuring the SMB protocol; when you run SAMBA on the Linux server, the Windows servers on the network are able to see the Linux server.

 

RPMs Required to Configure SAMBA:

Before we configure SAMBA on the Linux server, let me show you the rpms required to implement SAMBA.

1. samba = This rpm is needed for the SAMBA server

2. samba-client = Needed for the samba client

3. samba-common = This rpm includes all the samba commands needed to configure SAMBA in Linux.

4. samba-winbind = This rpm establishes the connection between Windows and Linux servers

5. samba-domain-join-GUI = To connect the Linux users with Windows domains and workgroups

6. samba-doc = Contains SAMBA help documents

 

Configure SAMBA in Linux:

First check whether the following packages are already installed; if they are not, install them:

*samba

*samba-winbind

*samba-common

Check whether the required Samba packages are already installed by using the following commands:

#rpm  -qa  samba

#rpm  -qa samba-common

#rpm  -qa samba-wi*

As you can see from the above output all the required packages are installed.

Services Needed to configure SAMBA

smb = Important service providing authorization and authentication for file sharing between Windows and Linux.

nmb = This service understands and replies to NetBIOS name service requests such as those produced by Windows servers.

winbind = This service is needed for host and username resolution

Note: The smb & nmb services are mandatory and winbind is an optional service.

Check the status of each service by running the following commands:

#service smb status

#service nmb status

#service winbind status

As you can see from the above output, both the services are stopped. Now bring the services online by using the following commands:

#service smb start

#service nmb start

Check the status again,

#service smb status

#service nmb status

As you can see from the above output, both the samba services have now been brought back online.

Now make these services come online whenever the Linux server is booted by using the following commands:

#chkconfig smb on

#chkconfig nmb on

From now onwards, whenever the server enters run level 3 or 5, the above services will come online automatically.

Create new samba users from Linux server

#useradd  nirmal

#useradd jaslyn

Create a password for both the users; i.e., don’t create a password for the users to access the local system.

You need to create a samba password for these users, so that they can access only the samba services.

To create a samba password and add the users to the samba database:

Syntax:

#smbpasswd -a  <user>

#smbpasswd -a nirmal

#smbpasswd -a jaslyn

 

Configure Samba:

Create a directory and assign full permission, so that other users can read or write the contents of the directory. By default, other users don’t have write access to a directory created by the root user.

#mkdir  /data

#chmod 777 /data

#cd /data

#touch f1 f2 f3

#cd /

As you can see from the above output, a directory with the name data has been created with full permission.

Now open the samba configuration file and enter the shared data details:

#vi   /etc/samba/smb.conf

Scroll down to the workgroup directive and enter your workgroup name.

Note: Make sure you have created the same workgroup on the Windows system also.

Now, look for the share definitions section and enter the directory details along with the permissions.

browsable = yes/no; with this you can limit the users to their own home directory.

You do not need to mention the home directory details here, since samba reads the user home directory details from the /etc/passwd file.

Now save and exit from the samba configuration file.

To check whether you have entered all the details correctly inside the samba configuration file, run the command “testparm”. If any invalid entries are present, it prints the error details on your screen.

#testparm

 

As you can see from the above screenshot, everything so far is configured properly. Press the enter button to see the output.

From the above output, the testparm command didn’t find any errors inside the samba configuration file; we have successfully applied all the needed parameters.

Now restart the samba services for the changes to take effect:

#service smb restart

#service nmb restart

In this lab, I will disable the firewall and SELinux security features, so that they will not block the access.

Note: If you have the firewall and SELinux security enabled, at the end of this article I explain which policies need to be enabled in the firewall and SELinux.

 

To stop the firewall services:

#service iptables stop

#service iptables save

As you can see from the above output, the firewall services have been stopped successfully.

To stop the SELinux features:

#setenforce 0

Check the workgroup name from the Windows server

As you can see from the above output, the Windows client system is in the same workgroup, LINUXVASANTH, as the Linux server.

If you see a different workgroup name here, change it to LINUXVASANTH.

Check the connectivity from windows client system:

#ping 192.168.1.253

Linux server IP= 192.168.1.253

As you can see from the above output, the Linux server is reachable from the Windows system.

Now try to connect to the Linux server from the Windows system to access the samba shared resources as below.

Now log in as the samba user (nirmal).

Now the user (nirmal) will be logged in to his home directory path as below.

That’s it… Now we have successfully configured the Windows system as a client of SAMBA.

Now try to edit some files in the shared directory “data”. Let me edit the file “f1” in this directory.

Since I have given full permission to the /data directory, samba users can write to all the files in the /data directory.

Check the /data directory on the Linux server to see whether the appended content is updated in the file f1 of the samba shared directory.

We have successfully configured SAMBA on the Linux server and also verified the access from the Windows client system.

 

*******************************************************************************************************************************

The Ports and Booleans That Need to Be Enabled if Firewall and SELinux Security Features Are Enabled:

Allow SAMBA through the firewall (i.e. iptables)

The following port numbers are used by SAMBA:

PORT 137 = UDP NetBIOS name service (WINS)

PORT 138 = UDP NetBIOS Datagram

PORT 139 = TCP (Windows File and Printer sharing)

PORT 445 = Microsoft DS-Active Directory, shares

PORT 445 = Microsoft DS SMB file sharing (UDP)

To allow SAMBA through the firewall, add the following rules in iptables:

#iptables -A INPUT -m state  --state NEW -m udp -p udp  --dport 137 -j ACCEPT

#iptables -A INPUT -m state  --state NEW -m udp -p udp  --dport 138  -j ACCEPT

#iptables -A INPUT -m state  --state NEW -m tcp -p tcp  --dport 139 -j ACCEPT

#iptables -A INPUT -m state  --state NEW -m tcp  -p tcp  --dport 445 -j ACCEPT

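Save the rules and then restart the iptables service so that the changes persist. Save first, because a restart reloads the saved rule file and discards unsaved rules:

#service iptables save

#service iptables restart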
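A check for the rules above, as an added example that is not part of the original article: rules added with -A go to the end of the INPUT chain, so if the chain already ends in a catch-all REJECT they are never reached, and as written they accept SMB traffic from any source address. The function below reads a saved rule file (iptables-save format) and reports each Samba port as missing, shadowed, open-any or restricted; the function names, both sample rule sets and the 192.168.1.0/24 subnet are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original article.

# Constructed sample: the four Samba rules appended after a catch-all REJECT.
sample_appended() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: same ports, placed before the REJECT and limited
# to an assumed LAN subnet with -s.
sample_fixed() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# samba_fw_report [RULES_FILE]
# Prints "<port>/<proto> <verdict>" for 137/udp, 138/udp, 139/tcp, 445/tcp.
# Only single-port --dport rules in the INPUT chain are understood; multiport,
# port ranges and the chain policy are outside this check.
samba_fw_report() {
    awk '
        BEGIN {
            n = split("137/udp 138/udp 139/tcp 445/tcp", order, " ")
            for (i = 1; i <= n; i++) want[order[i]] = 1
        }
        $1 == "-A" && $2 == "INPUT" {
            proto = ""; port = ""; src = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") port = $(i + 1)
                else if ($i == "-s") src = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            # A REJECT or DROP with no match options stops every later rule.
            if ($3 == "-j" && (target == "REJECT" || target == "DROP")) {
                blocked = 1
                next
            }
            key = port "/" proto
            # First matching rule wins, as in the kernel.
            if (target == "ACCEPT" && (key in want) && !(key in verdict)) {
                if (blocked) verdict[key] = "shadowed"
                else if (src != "") verdict[key] = "restricted"
                else verdict[key] = "open-any"
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                print k, ((k in verdict) ? verdict[k] : "missing")
            }
        }
    ' "$@"
}
```

Run it against the file that `service iptables save` writes; a "shadowed" result means the rule has to be inserted above the REJECT (iptables -I INPUT with a rule number) instead of appended.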

Allow SAMBA through SELinux

By default, the SELinux security features deny access to any shared resources. You need to enable a couple of booleans in SELinux:

1. samba_enable_home_dirs = Enable the sharing of home directories

2. samba_export_all_ro = Enable read-only access

3. samba_export_all_rw = Enable read and write access

4. samba_share_t (default) = SAMBA could share

#chcon -R -t samba_share_t  /data

Always mention the directory name you would like to give access to from SELinux; otherwise, it would be a security risk.

 

 


 

How to Configure and Administrate Disk Quota in Linux?

In this tutorial, I will explain how to configure disk quota on Linux servers with all the basic concepts (soft limit, hard limit, grace period, blocks, inodes and many more).

The concept of Disk Quota:

1. On production servers, if there is a requirement to restrict the amount of disk space used on a partition by each user, we can accomplish that by using the disk quota feature.

2. If the disk is being used by a single user, there is no need to configure disk quota. When many users access a single partition, one or more users can upload files to an FTP server to the point of filling the file system. Eventually, other users are denied upload access to the disk (since the partition is full).

3. With disk quota in Linux, we can restrict or limit the ability of a user or group of users to consume disk space.

Note 1: Users with quota enabled are not allowed to use additional disk space beyond their quota limit.

Note 2: Disk quotas are mostly used by ISPs, by web hosting companies, on FTP sites (Google Drive, OneDrive and many more cloud services) and also on corporate file servers to ensure continued availability of their file systems.

 

How to Configure Disk Quota in RedHat Servers

In this lab I use a regular partition for the demo setup. You can also add an additional disk, create a partition on it, and enable the quota on that.

Note: Use a partition which doesn’t contain any important data.

Create a User and Assign a password

#useradd  Vasanth

#passwd Vasanth

Check the quota package is installed on your server

#rpm  -qa quota

Before we configure the quota, we must know some of the important concepts used in disk quota.

1) Inode Number

Disk quota can be configured for a user or a group of users based on the number of inodes or the block size. An inode contains the entire information about a file (UID, GID, size, modify time, access time etc.); all this information is stored in the inode table. Every file uses one unique inode number, which identifies the metadata about that file.

To control the size of files, configure the quota based on block size. To control the number of files, configure the quota based on inode number. To control both, configure the disk quota based on both block size and inode number.

a) For example, suppose the quota is configured based on inode number only, and 50 inodes are assigned to a user called NIRMAL. Since we haven’t assigned a block size, NIRMAL can create 50 files, no matter how big or small they are. NIRMAL can create very large files; for instance, NIRMAL can create a file of 50GB in size (the ext4 file system supports a 16TiB individual file size). Here there is no control over the size of the files, so the user can abuse the system.

b) For example, suppose the quota is configured based on block size only, and a 2GB quota is configured for the user JOHN. Now JOHN can create files until the entire 2GB space is filled up. But he can crash the inode table by creating some 20000 files, each with a size of 1kb, which means 200000 inode entries in the inode table. With only this 2GB, the user JOHN can crash the inode table.

c) If the quota is configured by both inode number and block size, for instance 2GB of block size and 50 inodes for a user “VASANTH”, this user can’t crash the inode table or abuse the disk space, because he is not allowed to create more than 50 files and not allowed to use more than 2GB of disk space.

So I highly recommend using both inode number and block size while assigning a quota to a user.

Procedure to create the Disk quota:

1)Enable the quota

2)Remount the filesystem with quota

3)Create quota files

4)Configure inode or block-based policies.

Step:1  Save the quota details inside /etc/fstab file

In Linux, the /etc/fstab file contains the details of all the file systems to mount automatically at boot time. It records where each file system is mounted, the type of file system, the permissions and many more attributes.

In this example, I will use the partition /dev/sda2 to enable the quota.

#vi  /etc/fstab

To enable the quota, add “usrquota” to the fourth field. As the above output shows, we have successfully enabled the quota on the partition /dev/sda2.

Note: Changes made in the /etc/fstab file do not take effect until the next reboot. They can be applied in two ways: one is to “reboot” the server, and the second is to remount the partition with the quota options. On production servers it is not advisable to reboot the server, so the second option is the better way to apply the /etc/fstab changes.

Step:2  Remount the File System

Syntax:

#mount   -o  <option>   <filesystem or mount point dir>
#mount  -o remount,usrquota   /home

As you can see from the above output, we have successfully remounted the partition with quota. If the partition is remounted without any error, the quota option has been applied successfully.

Step:3  Create the Quota Files

To create the quota files run the following command,

Syntax:

#quotacheck   -cu  <quota enabled Partition >

quotacheck = Used to check the quota implementation

-c = To create the quota files in the partition

-u = To check the user quota

As you can see from the above output the “usrquota” file has been created under the partition mount point directory /home.

Step:4  Sync the disk quota database file with the current disk usage

#quotacheck -avu

-a = To check all quota enabled partitions

-v = To display the verbose output (i.e Real-time output)

-u = Check user disk quota  details

As you can see from the above output, the quota database files have been successfully synchronized.

Step:5  Configure the Quota Limits for users

In order to configure the quota for users, we need to assign three values

1)Soft Limit

2)Hard Limit

3)Grace Period

SoftLimit= This is the maximum amount of space a user can have on that partition. If you set a grace period, this acts as an alarm: the user will be notified that he/she is in quota violation

HardLimit= It is necessary only when you are using grace periods. If the grace period is enabled, this is the absolute limit a user can use; any attempt to consume resources beyond this limit will be denied

 

Let us assign a quota for user JAS

To configure the quota we need to use the command “edquota” followed by the username

#edquota   JAS

As you can see from the above output, the user “JAS” is allowed to consume a maximum disk space of 100MB. Once the user reaches the soft limit, the grace period starts running and the user can use up to 100MB. After reaching 100MB, the user will receive a “quota exceed” message on his screen.

Tips: Default Block size is 1kb(1block=1kb)

To check the assigned quota details  run the following command

#repquota -a

As you can see from the above output you can check the quota assigned to all the users.

The user “JAS” is allowed to consume the maximum disk space of 100MB, and the default grace period is 7 days, once the user reaches the soft limit, the grace period will start running.

Now let me log in to the JAS account and try to create some files with a size of more than 50 or 100 MB

#su - JAS

$

As you can see from the above output, when JAS tries to create a file larger than 100MB, he is denied disk space beyond his limit. This is how the disk quota works.

Useful Commands:

To check the quota details for an individual user run the following command

#quota  JAS

Tips:

1)If the Soft Limit and Hard Limit are the same, then a grace period is not required

2)If the Soft Limit and Hard Limit are different, then a grace period is required

3)The Hard Limit should be higher than the Soft Limit

4)Once the grace period has expired, users are not allowed to use any additional space

5)The grace period timer is removed automatically once the user brings the consumption below the Soft Limit
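The recommendation to set both block and inode limits can be checked from the report that repquota -a prints. The script below is an added example, not part of the original article: it flags users who have only one kind of limit and users who are already over their block soft limit. The sample report is constructed (user names from the article, usage figures made up), and the column layout is assumed to be the default repquota one.

```shell
#!/bin/sh
# Constructed sample in the layout printed by "repquota -a" (1 block = 1 KB).
# NIRMAL, JOHN, VASANTH and JAS are the users named in the article; the
# usage figures are made up for illustration.
sample_repquota() {
    cat <<'EOF'
*** Report for user quotas on device /dev/sda2
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      20       0       0              2     0     0
NIRMAL    --  524288       0       0             12    50    50
JOHN      -- 1048576 2097152 2097152          20000     0     0
VASANTH   --    4096 2097152 2097152             10    50    50
JAS       +-   61440   51200  102400  6days       7     0     0
EOF
}

# Reads a repquota report on stdin and prints one finding per line:
#   <user> NO_INODE_LIMIT   block limit set, number of files unlimited
#   <user> NO_BLOCK_LIMIT   inode limit set, disk space unlimited
#   <user> OVER_BLOCK_SOFT  soft limit exceeded, grace period running
audit_quota() {
    awk '
    # Data rows carry a two-character flag column: the first character is
    # "+" when the user is over the block soft limit, the second when the
    # user is over the inode soft limit.
    $2 ~ /^[+-][+-]$/ {
        user  = $1
        bsoft = $4 + 0
        bhard = $5 + 0
        i = 6
        bgrace = ""
        # The block grace column is printed only while the block soft
        # limit is exceeded, so the file columns shift right by one.
        if (substr($2, 1, 1) == "+") { bgrace = $i; i++ }
        fsoft = $(i + 1) + 0
        fhard = $(i + 2) + 0

        blimit = (bsoft > 0 || bhard > 0)
        flimit = (fsoft > 0 || fhard > 0)

        if (blimit && !flimit) print user, "NO_INODE_LIMIT"
        if (flimit && !blimit) print user, "NO_BLOCK_LIMIT"
        if (bgrace != "")      print user, "OVER_BLOCK_SOFT", "grace=" bgrace
    }'
}

# On a real system: repquota -a | audit_quota
sample_repquota | audit_quota
```

Users with no limits at all (root in the sample) and users with both limits set (VASANTH) produce no finding.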


How to Configure RAID-1 in Redhat Linux

Configuring RAID-1(Mirroring)

RAID-1 mirroring means having the same data on both hard disks, i.e. an exact clone of the same data is copied to both disks.

Minimum Requirements to configure RAID-1:

1. A minimum of 2 hard disks is required (you can also add more than two disks, 4, 6, 8; for that the server should have a physical RAID adapter installed)

Advantages of RAID-1

1. Read performance is better than writing data to the hard disk

2. If one disk fails there is no data loss, since we have the same data on both disks.

3. 50% of the space will be lost, i.e. if we have two disks of 250GB each the total is 500GB, but in mirroring it will show only 250GB.

Configure RAID-1

Step:1 Check whether RAID is already configured on the drives by using the below command

#mdadm  -E  /dev/sd[b-c]

As you can see from the above output, there is no RAID superblock detected, i.e. no RAID is defined yet

Step:2 Partition Drive for RAID

As I have mentioned already, a minimum of 2 hard disks is required to configure RAID-1. I have attached two disks, /dev/sdb and /dev/sdc, for configuring RAID-1. Let us create partitions on these two hard disks and change the partition type to RAID during creation.

Procedure to create RAID type partitions on the drives

1. Choose ‘n’ to create a new partition

2. Then choose ‘p’ for a primary partition

3. Now select the partition number ‘1’

4. Give the default full size and then press enter

5. Now press ‘p’ to check the mentioned partition

6. Press ‘L’ to list all the available partition types

7. Type ‘t’ to choose the partition

8. Now choose ‘fd’ for the Linux RAID and press enter

9. Choose ‘p’ once again to confirm the changes we made

10. Type ‘w’ to save the changes

Step:3

#fdisk /dev/sdb

 

Follow the same procedure as above to create the partition on the /dev/sdc drive

Step:4

#fdisk /dev/sdc

Step:5

We have successfully created the partitions on both drives. Verify the changes on both drives, /dev/sdb & /dev/sdc, using the following command

#mdadm  -E /dev/sd[b-c]

From the above output, you will see no md superblock detected, because there is no RAID defined on /dev/sdb1 and /dev/sdc1.

Step:6 Configure the RAID device /dev/md0 using the following syntax

#mdadm   --create   /dev/md0   --level=raid1 --raid-devices=2  /dev/sdb  /dev/sdc

After executing the above command, check the RAID-1 status by using the below command

#cat  /proc/mdstat

 

Step:7 Check the RAID Array and device types by using the following command

#mdadm  -E /dev/sd[b-c]

#mdadm  --detail   /dev/md0

From the above output, the RAID device has been successfully created using the /dev/sdb and /dev/sdc drives

Step:8 Creating a file system on RAID devices

#mkfs  /dev/md0

Step:9 Mount the file system to some mount point directory

#mkdir  /RAID

#mount  /dev/md0    /RAID

To check the mounted filesystem status

#df -h

From the above output, the RAID device is successfully mounted under the /RAID directory.
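The /proc/mdstat check used in the steps above can be scripted so that a failed mirror member is noticed while the surviving disk still holds the data. The script below is an added example, not part of the original article; the sample /proc/mdstat text is constructed, and md1, sdd and sde are hypothetical names for a second mirror that has lost a disk.

```shell
#!/bin/sh
# Constructed /proc/mdstat contents: md0 is a healthy two-disk mirror like
# the one built above, md1 is a hypothetical mirror with a failed member.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sde[1] sdd[0](F)
      5238784 blocks super 1.2 [2/1] [_U]

md0 : active raid1 sdc[1] sdb[0]
      5238784 blocks super 1.2 [2/2] [UU]

unused devices: <none>
EOF
}

# Reads /proc/mdstat text on stdin and prints one line per array:
#   <array> OK|DEGRADED active=<working>/<configured> failed=<devices|none>
md_health() {
    awk '
    # Array header line, e.g. "md1 : active raid1 sde[1] sdd[0](F)".
    # Members the kernel has marked faulty carry an "(F)" suffix.
    /^md[0-9]+ :/ {
        array = $1
        failed = ""
        for (i = 3; i <= NF; i++)
            if ($i ~ /\(F\)$/) {
                dev = $i
                sub(/\[.*$/, "", dev)          # "sdd[0](F)" -> "sdd"
                failed = (failed == "" ? dev : failed "," dev)
            }
        next
    }
    # Status line, e.g. "... [2/1] [_U]": configured members / working members.
    array != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
        split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
        state = (n[2] + 0 < n[1] + 0) ? "DEGRADED" : "OK"
        printf "%s %s active=%d/%d failed=%s\n", array, state, n[2], n[1], (failed == "" ? "none" : failed)
        array = ""
    }'
}

# On a real system: md_health < /proc/mdstat
sample_mdstat | md_health
```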


Basic concepts of RAID

RAID (Redundant Array of Independent Disks):

RAID is a way in which you can link up several hard disks so that if any one of them fails, the others can take over the load

Types of   RAID:

1)Hardware RAID

2) Software RAID

Hardware RAID: It has its own independent disk subsystem and resources. It doesn’t use any resources from the system, such as RAM, CPU, and power. Since it has its own dedicated resources, it does not put any additional load on the system. It also provides very high performance.

Software RAID: Compared to hardware RAID, software RAID delivers slower performance, since it uses all its resources from the system.

Concepts of RAID:

1. Hot spare: This is an additional disk in the RAID array. If any disk fails, data from the faulty disk is migrated to the spare disk automatically.

2. Mirroring: A copy of the same data is available on the mirror disk, like making an additional copy of the data

3. Striping: If this feature is enabled, data is written to all the available disks randomly. It is like sharing the data between all the disks, so all of them fill quickly.

4. Parity: The parity regenerates the lost data from the saved parity information.

Different levels of RAID are available, based on how mirroring and striping are needed. Among these levels, LEVEL 0, LEVEL 1 and LEVEL 5 are the most used in Redhat Linux.

Let us have a look at these different levels of RAID

RAID 0-Striping:

It provides striping without parity. Since it doesn’t store any parity data, it performs read and write operations equally, and its speed is much faster than the other levels. A minimum of two hard disks is required for this level. All the hard disks in this level are filled equally. You should use this level only if read and write speed is the concern. When you decide to use this level, always have a backup plan for your data, because a single disk failure in the array will result in total data loss.

RAID 1-Mirroring:

This level provides parity without striping. Data is written to both hard disks; if either of them fails or is removed, we can still get the data. This level requires two hard disks. It means that if you want to use two hard disks then you will have to deploy 4 hard disks, and if you want to use one hard disk then you will have to use two hard disks. The first hard disk stores the original data while the other disk provides an exact copy of the first disk. Performance is reduced since data is written twice. You should use this level only if the data is the concern at any cost.

RAID 5 Parity with Striping:

This level provides parity and striping. It requires a minimum of 3 hard disks. It writes parity data equally across all disks. If any one disk fails, the data can be reconstructed from the parity data available on the remaining disks.

NOTE: When you are using a hardware RAID device, use a hot-swappable hardware RAID device with spare disks. If any disk fails, data will be reconstructed on the first available spare disk without any delay.

In our next article, I will show you how to configure RAID in Red Hat Linux.


How to configure NFS server and NFS Client in Redhat Linux?

NFS (Network File System) was developed by Sun Microsystems for sharing files and directories between UNIX/Linux systems. NFS allows you to mount your local filesystems over a network, and lets remote hosts interact with them as if they were mounted locally on the same system.

NFS is purely based on the RPC(Remote Procedure Call) which allows the client to automatically mount the remote filesystems.

Advantages of NFS:

1. No manual refresh is needed for new files

2. With NFS it is not necessary that both machines run the same OS

3. Secured with firewall and Kerberos

4. Files may be accessed via IP addresses, groups, users etc.

5. The central management of this system would cut the workload by 80%

Disadvantages:

1. The greatest disadvantage is the issue of security: because NFS is based on RPC (remote procedure calls), it is inherently insecure and should only be used on a trusted network behind a firewall.

Let us see some of the important services that are needed for NFS

1. nfs = It translates remote file sharing requests into requests on the local filesystem

2.rpc.mountd = This service is responsible for mounting and unmounting the filesystems

Configuration files for NFS:

1./etc/exports = Important configuration file for NFS, all exported files and directories are defined in this file at the NFS server end.

2./etc/fstab = To mount the NFS share resources automatically on system reboots, we need to manually put an entry inside this file

3./etc/sysconfig/nfs = Configuration file for NFS to control on which port RPC and other services are listening

Check NFS daemon is listening on both UDP and TCP  port 2049:
#rpcinfo -p   |grep nfs

From the above output, it is confirmed that NFS server is running and accepting calls on port 2049.

Check whether your system supports NFS or not:
#cat  /proc/filesystems  |grep nfs

Note: If you don’t see any output, it means NFS is not supported or the NFS module has not been loaded into your kernel

To load the NFS module:
#modprobe  nfs

When everything is installed correctly, the NFS daemon should now be listening on both UDP and TCP port 2049, and the portmap should be waiting for instructions on port 111

Check whether portmap is listening or not
#rpcinfo -p |grep portmap

Configure NFS server:

Setup details:

1.NFS server:  hostname=linuxvasanth.com, IP address 10.250.1.100

2.NFS Client: hostname: Dataserver, IP address=10.250.1.50

As I said above, to share a directory we need to make an entry in the “/etc/exports” configuration file. In this example, I will share a directory named “myshare” in the “/” partition with the client.

#mkdir  /myshare
Create some files and directories inside this directory
#cd  /myshare

#touch doc1 doc2 doc3

#mkdir d1 d2 d3

Now /myshare directory is having three files and three subdirectories.

Step:1 Make an entry in “/etc/exports” to make the directory shareable
#vi  /etc/exports

/myshare    10.250.1.50(rw,sync)

:wq!

The above entry says that the directory myshare from “/” is shared with the client IP 10.250.1.50 with read and write permission and the sync option. You can also use the hostname in place of the IP address.

NFS sharing options:

ro = Provides read-only access to the shared files, i.e. the client is only able to read

sync = Confirms requests to the shared directory only once the changes have been committed

no_subtree_check = Prevents subtree checking. When a shared directory is a subdirectory of a larger filesystem, NFS scans every directory above it in order to verify its permissions and details. Disabling the subtree check may improve the performance of NFS, but it reduces security

Note: The default behavior of the NFS kernel daemon is to add the option “no_subtree_check” to your export line

Step:2 Restart the NFS daemon

Once you have edited the /etc/exports file, you need to restart the NFS daemon to apply the changes

Note: The procedure for restarting the NFS daemon may differ depending on your Linux distribution

To restart the NFS service
#service nfs restart

To restart the RPC bind service
#service rpcbind restart

NFS and rpcbind are compulsory services for NFS daemon

rpcbind = Remote procedure call(RPC) service is controlled by rpcbind service

To list the NFS shared directories locally and remotely:
#showmount  -e

If this command shows error then the communication might be blocked by the firewall.
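Because NFS should only be exposed to trusted clients, it is worth auditing /etc/exports before restarting the daemon. The script below is an added example, not part of the original article: it flags entries that are exported to every host, including the common mistake of a space between the client and its option list, which gives the named client only the default options and applies the listed options to all hosts. Only the /myshare line comes from the article; the other sample lines are hypothetical, and the parser assumes one export per line without continuation lines or quoted paths.

```shell
#!/bin/sh
# Constructed /etc/exports content. The first entry is the one from the
# article; the remaining paths are hypothetical variations.
sample_exports() {
    cat <<'EOF'
# path      client(options)
/myshare    10.250.1.50(rw,sync)
/projects   10.250.1.50 (rw,sync)
/pub        *(ro,sync)
/backup     10.250.1.50(rw,sync,no_root_squash)
EOF
}

# Reads exports syntax on stdin and prints "<path> <client> <finding>":
#   WORLD_RW        any host may mount the share read-write
#   WORLD_RO        any host may mount the share read-only
#   NO_ROOT_SQUASH  root on the client keeps root privileges on the share
audit_exports() {
    awk '
    $1 ~ /^#/ || NF == 0 { next }          # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i
            opts = ""
            p = index($i, "(")
            if (p > 0) {
                # "host(opts)" -> client "host"; "(opts)" -> empty client
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            rw = 0
            norootsquash = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") norootsquash = 1
            }
            # An option list with no client in front of it, or the "*"
            # wildcard, applies to every host that can reach the server.
            world = (client == "" || client == "*")
            if (world)        print path, "*", (rw ? "WORLD_RW" : "WORLD_RO")
            if (norootsquash) print path, (world ? "*" : client), "NO_ROOT_SQUASH"
        }
    }'
}

# On a real server: audit_exports < /etc/exports
sample_exports | audit_exports
```

The article's own entry, /myshare 10.250.1.50(rw,sync), produces no finding because it is limited to a single client.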

Configuring NFS client:

Now at the NFS client end, we need to mount that directory on our server to access it locally. To do this, first we need to find out the shares available on the NFS server.

To mount the shared NFS directory
Syntax:
#mount  <option>  <NFSserver IP>:<NFS shared directory path>  <mount point directory path at NFS client>

To view the shared resources from NFS server:
#showmount   -e   <NFS server IP>

#showmount  -e  10.250.1.100

From the above output, one directory is shared on the NFS server

Create a new mount point directory:
#mkdir  /data

Now mount the NFS share directory to your local mount point directory as follows,

#mount   -t  nfs   10.250.1.100:/myshare     /data

To check the mounted files
#df  -h

As you can see from the above output the shared directory from NFS server has been successfully mounted on NFS client at the location /data

To remove the NFS mount
#umount  /data

#df -h

Tips:

The following services are associated with the NFS daemons, and each service has its script file in the init.d directory

1. /etc/init.d/nfs = This is the main control script for the NFS daemons, which controls the NFS services

2. /etc/init.d/nfslock = Script for lock files and the statd daemon, which locks and provides the status of files that are currently in use

3. /etc/init.d/rpcbind = RPC program number converter

4. /etc/init.d/rpcgssd = Script for RPC related security services

Note: If you want to start a script manually, you can execute it by using the following syntax

#/etc/init.d/<script-name>

Ex: /etc/init.d/nfs


Understanding “Network Bonding/Teaming” in Redhat Linux

How to configure Network Bonding/Teaming in Red Hat Linux

As system admins, we like to avoid server downtime by having redundancy for the “/” filesystem using RAID technology (mirroring the data), multiple FC links to the SAN with the help of multipathing software, and many more. How do you provide redundancy at the network level? As we all know, having multiple network cards (NICs) will not by itself provide any redundancy: if either NIC1 or NIC2 fails, it may lead to a network down state.

In Red Hat Linux, with the help of Bonding/Teaming, we can accomplish network-level redundancy. Once you have configured bonding with two NIC cards, if a failure occurs on either of the NIC cards the kernel will automatically detect the failure, and the system keeps working without any issues. Bonding can also be used for load sharing between the two physical links.

The diagram shows how bonding works

Let me show now how to configure network bonding in RHEL

Task: Configure Network bonding between eth0 and eth1 with name of bond0

Bonding driver: Linux allows binding multiple network interfaces into a single channel NIC by using a kernel module called bonding
Tips: The behavior of the bonded interface depends upon the mode (the mode provides either hot standby or load balancing service).

Make sure you have two physical Ethernet cards available in your Linux server

Step:1 Check the network adapter details
#ifconfig |grep eth

As you can see from the above output we have two Network adapters with the logical name eth0 and eth1.

Step:2 Edit the configuration file for both the ethernet cards as follows
#vi  /etc/sysconfig/network-scripts/ifcfg-eth0

add the following lines inside this file

Do the same for another interface eth1

Step:3 Create a “bond0” configuration file
#vi  /etc/sysconfig/network-scripts/ifcfg-bond0

add the following parameter as shown below

You will not find /etc/modprobe.conf in RHEL6, so you need to define your bonding options inside the above configuration file (highlighted with the yellow box)

We can configure NIC bonding for various purposes, so when you do the configuration you have to specify the purpose for which you want to use the bonding. Here are the modes available with bonding

1. balance-rr or 0: Sets a round-robin policy for fault tolerance and load balancing. Transmissions are received and sent out sequentially on each bonded slave interface, beginning with the first one available.

2. active-backup or 1: Sets an active-backup policy for fault tolerance. Transmissions are received and sent out via the first available bonded slave interface; another bonded slave interface is only used when the active bonded slave interface fails.

3. balance-xor or 2: Sets an exclusive policy for fault tolerance and load balancing. In this method, the interface matches up the incoming request’s MAC address with the MAC address of one of the slave NICs. Once the link is established, transmissions are sent out sequentially, beginning with the first available interface

4. broadcast or 3: Sets a broadcast policy for fault tolerance. All transmissions are sent on all slave interfaces.

Understanding miimon in network bonding: It specifies (in milliseconds) how often MII link monitoring occurs. This is very useful when high availability is required, because MII is used to verify that the NIC is active.

To check that the driver for a particular NIC supports the MII tool, run the following command
#ethtool  <interface name> | grep "Link detected"

#ethtool   eth0 |grep "Link detected"

As you can see from the above screenshot, the driver supports the MII tool.

Step:4 Load the bonding module
#modprobe  bonding

Step:5 Restart the network service to apply the changes
#service network restart

Step:6  Confirm whether your  configuration is working properly or not by using the following command
#cat /proc/net/bonding/bond0

As you can see from the above screenshot, the NIC bonding interfaces are in the active state.

Step:7 Verify whether “bond0” interface has come up with IP or not
#ifconfig -a

The above screenshot confirms that the bonding interface has the IP address and is in the running state.

You can also notice that eth1 and eth2 have the flag “SLAVE” and the bond0 interface has the flag “MASTER”

To verify the current bonding mode, run the following command

#cat  /sys/class/net/bond0/bonding/mode

From the above output, the current mode is balance-rr  or 0

To check the currently configured bonds
#cat  /sys/class/net/bonding_masters

The above screenshot says we have one master bond with the name “bond0”

Note: From now onwards, even if any one of your NIC adapters fails, the bond0 interface will continue running and provide uninterrupted service to the clients. The failed interface’s flag will change to the “down” state, and after the issue with the failed interface is resolved the flag will change back to “Running”.
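Since bond0 keeps running on the surviving NIC, a failed slave is easy to miss until the second one fails too. The script below is an added example, not part of the original article: it reads the /proc/net/bonding/bond0 text, lists each slave with its MII status and link failure count, and reports whether the bond is degraded or whether miimon is 0 (no MII link monitoring). The sample text is constructed, including the driver version line and the MAC addresses.

```shell
#!/bin/sh
# Constructed /proc/net/bonding/bond0 contents for a balance-rr bond of
# eth0 and eth1 in which eth1 has lost its link.
sample_bond() {
    cat <<'EOF'
Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:00:00:01
Slave queue ID: 0

Slave Interface: eth1
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 2
Permanent HW addr: 00:0c:29:00:00:02
Slave queue ID: 0
EOF
}

# Reads the bonding status text on stdin. Prints one line per slave
# ("<iface> <MII status> failures=<count>") followed by a summary line:
#   bond OK|DEGRADED|DOWN slaves_up=<up>/<total> miimon=<ms> [NO_MII_MONITORING]
bond_health() {
    awk -F': ' '
    $1 == "MII Polling Interval (ms)" { miimon = $2 + 0 }
    $1 == "Slave Interface"           { slave = $2; order[++n] = slave }
    # The first "MII Status" line describes the bond itself; only the ones
    # that follow a "Slave Interface" line belong to a slave.
    $1 == "MII Status" && slave != "" { status[slave] = $2; if ($2 == "up") up++ }
    $1 == "Link Failure Count" && slave != "" { fails[slave] = $2 + 0 }
    END {
        for (k = 1; k <= n; k++)
            printf "%s %s failures=%d\n", order[k], status[order[k]], fails[order[k]]
        if (n == 0 || up == 0) state = "DOWN"
        else if (up < n)       state = "DEGRADED"
        else                   state = "OK"
        # With miimon=0 the driver does no MII polling, so a dead link
        # would still be listed as up.
        printf "bond %s slaves_up=%d/%d miimon=%d%s\n", state, up, n, miimon, (miimon == 0 ? " NO_MII_MONITORING" : "")
    }'
}

# On a real system: bond_health < /proc/net/bonding/bond0
sample_bond | bond_health
```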


How to Extend the size of Volume Group and Logical volumes(LVM)

Volume Group/Logical Volume Extending(LVM)

In our previous article we saw the basics of LVM and how to configure PV, VG and LV. Here we are going to see how to increase the size of an existing volume group and logical volume. As I stated earlier, the biggest advantage of the Logical Volume Manager is that it allows us to increase the size of logical volumes at any time when we are running out of space.

If you missed my previous basic LVM article, you can visit it here: Understanding LVM

Now in our case we have three PVs, one VG and four LVs. Check the details by using the following commands

#pvs
#vgs
#lvs

As you can see from the above output, we don’t have enough space available in the physical volumes and the volume group. For example, if there is a requirement for an additional 10 GB on one of the logical volumes, will it be possible to add 10 GB extra to the logical volume? No, we couldn’t extend it, as we don’t have enough space in the VG.

To extend it, we need to add one physical volume (PV) and then extend the volume group (VG). By extending the VG we get enough space to increase the logical volume size. So first we will add one physical volume.

To add the PV, we need to create one LVM partition with the “fdisk” command

NOTE: YOU CAN ALSO ADD A NEW PHYSICAL HARD DISK TO EXTEND THE SIZE OF VG AND LV

1. To create a new partition, press n

2. Choose the primary partition, press p

3. Choose which partition number to use for the primary partition

4. Press 3 (because I have already created two partitions)

5. Change the type using t

6. Type 8e to change the partition type to Linux LVM

7. Press w to write the changes

Now reboot the system once completed

Now check the partition we have created with fdisk

#fdisk   -l   /dev/sda

Now create a PV(Physical volume) using the following command

#pvcreate  /dev/sda3

Check the PV details

#pvs or pvdisplay

Extending the size of the Volume Group(VG)

Now add this newly created PV to the volume group VG1 to grow the volume group and get more space for expanding the logical volume (LV)

Syntax:

#vgextend   <Volume group name>    <Physical volume name>
#vgextend   VG1   /dev/sda3

Now let us check the size of the volume group by using the following command

#vgs

As you can see from the above output, the volume group VG1 has now been extended from 3.99 GB to 19.09 GB

If you want to check which PV is used for a particular volume group, run the following command

#pvscan

As you can see from the above screenshot, each PV and its associated VG name are listed. The PV we have just added is totally free.

Extending size of the Logical volume(LV)

Before expanding the size, let us check the size of each logical volume

#lvdisplay or lvs

For a better view, the output has been truncated

In this example I am going to expand the size of the logical volume lv1 (the current lv1 size is 2 GB)

I will add an additional 10 GB to the logical volume lv1

Syntax:

#lvextend  -L <+size>   <Logical volume name path>
#lvextend -L +10G  /dev/VG1/lv1

As you can see from the above screenshot, the filesystem size is now extended to 12 GB from 3.99 GB

After extending, we need to resize the filesystem by using the following command

Before you run the resize2fs command, you must run the e2fsck command to check the

#e2fsck -f  /dev/VG1/lv1

e2fsck is used to check the integrity of ext2/ext3/ext4 filesystem types.

Note: resize2fs will not run unless you execute e2fsck.

#resize2fs  /dev/VG1/lv1

Now let us see the size of the re-sized logical volumes by using lvdisplay

#lvdisplay

As you can see from the above output, after extending there is 12.00 GB, up from 3.99 GB

Now if we check the VG size available

#vgs

The above output says the currently available VGfree size has changed from 19.9 GB to 9.09 GB

I hope now you have got some ideas on LVM concepts, resizing the LV, VG volumes.


LVM Logical Volume Manager

Introduction:

Logical Volume Manager (LVM) is a powerful tool in Linux for disk management. Adding more space to an existing filesystem or partition can be done easily using LVM. If a filesystem needs more space, it can be added to its logical volume from the free space in its volume group, and then the filesystem can be resized as required.

In today’s IT environment, servers need more space day by day, and we need to expand it based on our requirements. LVM can be used with RAID and SAN. Physical disks are grouped together to create a volume group. Then, from the volume group, we create the individual partitions, create a new filesystem on each, and mount it on some mount point directory to make it visible to the users.

Let me put this in simple words. To bring a disk into the LVM structure,

1. Group all the physical disks together to create a physical volume

2. Create a volume group and add all the disks to the volume group

3. Now, from the total volume group size, create the individual partitions, i.e. logical volumes

Logical Volume Manager Features:

1. It is very flexible: the size of a partition can be increased at any time.

2. Any filesystem can be installed

3. Migration can be used to recover a defective disk.

Now let us configure the LVM disk storage,

Ex:1 How to configure LVM

In this example, I will add three hard disks to the server (you can use more than 3, there is no limitation). After adding the additional hard disks to the server, check whether the kernel has recognized the disks by using the “fdisk” command.

#ls -l     /dev/sd*

Note: You can also use the “fdisk -l” command to check.

As you can see from the above screenshot, the newly added disks are recognized by the kernel.

Now it’s time to configure LVM. Before we bring the disks into the LVM structure, we should label the disks with the LVM ID. This can be done in two ways; I will show you both methods of labeling the disk with the LVM partition type.

Remember to use either method 1 or method 2. If you try both methods, you will get the disk missing error message when you run the pvcreate command.

Note: LVM Partition type ID is 8e

Method:1
#fdisk  /dev/sdb

Follow the steps as shown in the screenshot to associate the harddisks with LVM id

Repeat the same steps for the remaining harddisks i.e for /dev/sdc and /dev/sdd

Now check with “fdisk -l” whether all the disks are labeled with LVM id partition type

AS YOU CAN SEE THE ABOVE SCREENSHOT ALL THE DISKS HAVE BEEN LABELED WITH THE LVM PARTITION ID.

Method:2

Syntax:

Step:1

#pvcreate   <disk1>     <disk2>   <disk3>

In our case we have /dev/sdb,/dev/sdc,/dev/sdd

#pvcreate   /dev/sdb   /dev/sdc  /dev/sdd

This will write an LVM  header to the devices to indicate that they are ready to be added to a volume group

Step:2 Check the Physical Volume Details(PV)

Now verify that LVM has  registered the physical volumes by using the following command,

#pvdisplay

or

#pvs

From the above screenshot, all the three devices are present in the PV column

To view the same in detailed output run the following command

#pvdisplay

Note: For better view output has been truncated

Step:3  Create Volume Group(VG)

Now add the physical volumes to a volume group

Syntax:

#vgcreate    <VG name>    <disk1>   <disk2>  <disk3>
#vgcreate    VG1   /dev/sdb   /dev/sdc   /dev/sdd

Now if we check the pvdisplay or pvs command again, we can see that our physical volumes are now associated with the new volume group

#pvs or pvdisplay

As you can see from the above screenshot, now the physical volume disks have been added to volume group VG1.

To check the VG details
#vgs

or

#vgdisplay

As you can see from the above output the volume group VG1 has three physical volumes and zero logical volumes.

Here is the description of each parameter shown in the above screenshot.

1.VG Name = Volume group name

2.Format = LVM architecture used (lvm2)

3.VG Access = The volume group is in read and write mode and ready to use

4.VG Status = The volume group can be resized; we can expand it if we need to add more space

5.Cur LV = Currently there are two logical volumes in this volume group

6.PE Size = Physical extent size. The size for a disk can be defined in PE or in GB, and 4 MB is the default PE size of LVM. For example, if we need to create a 5 GB logical volume we can use a total of 1280 PE. Got confused? 🙄🙄

Let me explain this in an easier way. As we all know, 1024 MB = 1 GB, so 1024 MB * 5 = 5120 MB = 5 GB. Now divide 5120 / 4 = 1280 PE, where 4 MB is the default PE size.

7.Total PE=  This volume group have

8.Alloc PE = Total PE used. The full PE is already used, 6141 * 4 PE = 24564

9.Free PE = Space that is available because the logical volumes have not yet started using it

Step:5 Create a Logical volume from the Volume group pool

Now that we have a volume group available, we can use it for creating logical volumes. Unlike conventional partitioning, when working with logical volumes you don’t need to know the layout of the volume, since LVM maps and handles this for you. You only need to provide the size of the volume and a name.

Now we will create three separate logical volumes from the volume group

2G for  “lv1” volume

4G for “lv2” volume

4G for “lv3” volume

Syntax:

#lvcreate   -L <size>  -n  <LV name>   <Volume group name>
#lvcreate   -L 2G  -n  lv1  vg1
#lvcreate   -L 4G  -n  lv2  vg1
#lvcreate   -L 4G  -n  lv3  vg1

Now check the logical volumes and their relationship with the volume group

#vgs

Step:6 Create a filesystem on logical volumes

Everything is done. In order to use these logical volumes to store data, we need to create a filesystem on each of them

#mkfs  /dev/vg1/lv1

#mkfs  /dev/vg1/lv2

#mkfs  /dev/vg1/lv3

The same command is repeated for the remaining logical volumes, i.e. for lv2 and lv3

Step 7: Mount the Logical volumes to some mount point directory
#mount  /dev/vg1/lv1   /BACKUP

#mount  /dev/vg1/lv2   /DATABASE

#mount  /dev/vg1/lv3  /WEBDATA

All the logical volumes have been successfully mounted and are now ready to use

Check the mounted filesystem information by using the following command

#df  -h

In our next article, we will see how to grow the size of the logical volume partitions, increase the size of the volume group and many more.


Access Control List (ACL)

As system administrators, we have to protect files and data from unauthorized access. We are all familiar with the permissions we set for files and directories by using chmod, chown and chgrp; however, these permissions have some limitations and may not work as per our needs. We cannot assign different sets of permissions for different users on the same directory or file, and thus the Access Control List was implemented.

Before we set the ACL permission we need to check whether ACL is supported by the kernel.

1.Check Kernel for ACL support.

Execute the following command to check ACL support for the filesystem and look for the POSIX_ACL=Y option. If you see ‘N’ instead of ‘Y’, it means the kernel doesn’t support ACL and we need to recompile the kernel

#grep   -i  acl /boot/config*

Types of ACL

There are two types of ACL available

1.Access ACL – Used for allowing permissions on any directory or file

2.Default ACL – Used for granting access control list on a specific directory only.

Note:1 A default ACL can be used only at the directory level; any subdirectory or file created within that directory will inherit the ACLs from its parent directory. On the other hand, a file inherits the default ACLs as its access ACLs.

Note:2 We use “-d” for setting the default ACLs (default ACLs are optional).

Ex:1 To check the ACL details for a directory

Syntax:

#getfacl   <Directory name>
#getfacl   /SAN

Before setting the default ACL, the permissions would look like the above.

To set the default ACLs on a directory we use the “setfacl” command. In this example the setfacl command will set read and write permission for the directory /SAN.

-m indicates Modify

#setfacl  -m  d:o:rw  /SAN

After assigning the default ACL’s the permission would look like this

#getfacl  /SAN

Ex:2 To set an ACL permission for a file or directory, use the setfacl command. Here in this example we will assign read and write permission to the user linuxvasanth1

Let me check the default permissions set for the file /mydoc before we assign the ACL

#getfacl  /mydoc

As you can see from the above output the file has the default permission sets only.

Now set the ACL,

#setfacl  -m u:linuxvasanth1:rw  /mydoc

Now check the ACL permission again

#getfacl /mydoc

From the above output, ACL permission set is successfully assigned to the file

Ex:3 Remove the ACL permission

To remove ACL permissions we use the options -x and -b with the setfacl command

#setfacl   -x  <ACL entry>  <file/directory>   (This will remove only the specified ACL from the file/directory)
#setfacl   -b  <file/directory>   (This will remove all ACLs from the file/directory)

In this example I am going to remove the user linuxvasanth1 from the file /mydoc

#setfacl  -x  u:linuxvasanth1  /mydoc

Now run the getfacl command to check

#getfacl    /mydoc

As you can see from the above output the user has been successfully removed from the ACL set
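
An added example, not part of the original article: a shell function that reads getfacl output and lists every entry that effectively grants write access to someone other than the owner, taking the ACL mask into account. The function names and the sample getfacl output for /SAN and /mydoc are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the ACL entries in getfacl output that grant write access
# to anyone other than the file owner. acl_write_grants is a made-up helper name.

# Reads getfacl output on stdin (one or more files, e.g. from getfacl -R).
# Prints "<file>: <entry>" for each entry whose effective permissions include "w".
acl_write_grants() {
    awk -F: '
        # Report the entries collected for the current file, then reset.
        function report(   i, s, t, w, label) {
            for (i = 1; i <= n; i++) {
                s = scope[i]; t = tag[i]; w = who[i]
                if (t == "user" && w == "") continue       # the owner is expected to write
                if (substr(perm[i], 2, 1) != "w") continue
                # The mask caps named users, the owning group and named groups,
                # but never "other".
                if (t != "other" && (s in mask) && substr(mask[s], 2, 1) != "w") continue
                label = (w == "") ? t : (t ":" w)
                if (s == "default") label = "default:" label
                print file ": " label
            }
            n = 0
            split("", mask)                                # portable way to empty an array
        }
        /^# file: / { report(); file = substr($0, 9); next }
        { sub(/[ \t]*#.*/, "") }                           # drop headers and "#effective:" notes
        NF < 3 { next }
        {
            n++
            if ($1 == "default") { scope[n] = "default"; tag[n] = $2; who[n] = $3; perm[n] = $4 }
            else                 { scope[n] = "access";  tag[n] = $1; who[n] = $2; perm[n] = $3 }
            if (tag[n] == "mask") { mask[scope[n]] = perm[n]; n-- }
        }
        END { report() }
    '
}

# Constructed sample: getfacl output for /SAN after "setfacl -m d:o:rw /SAN"
# and for /mydoc after "setfacl -m u:linuxvasanth1:rw /mydoc".
sample_getfacl() {
    cat <<'EOF'
# file: SAN
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::rw-

# file: mydoc
# owner: root
# group: root
user::rw-
user:linuxvasanth1:rw-
group::r--
mask::rw-
other::r--
EOF
}

sample_getfacl | acl_write_grants
```

On a live system the same function can be fed with "getfacl -R /SAN | acl_write_grants". A "default:other" hit on a directory means files created in it afterwards inherit write access for every user, which is worth reviewing before the directory is put to use.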


Understanding SSH and SCP Protocols in Linux Operating System

What is SSH?

SSH is the Secure Shell protocol. It lets you open a remote terminal or shell session on any Unix-based server, where you can execute commands according to the permissions available to the account you logged in to. The primary advantage of SSH over other protocols, including telnet, is that everything you do during the session is encrypted, so anyone who might be watching at any point between you and the remote host will see only unreadable text

Note: SSH stands for Secure Shell. Every SSH session is encrypted and requires authentication. It provides a very safe and secure way of exchanging commands and configuring services remotely. Another important point is that when you connect to the remote server using ssh, you log in using an account that exists on the remote server.

Note: The port number for SSH protocol is 22

An Overview of how SSH works?

1.When an administrator connects to the remote server using SSH, he is dropped into a shell session (usually bash) where he can execute commands. It allows only a text-based interface; whatever commands you type into your local terminal are sent through an SSH tunnel (with encryption) and then executed on your server

2.The SSH connection is based on the client-server model. This means that for an SSH connection to be established, the remote server must be running the ssh daemon (sshd). This daemon listens for connections on a specific port, authenticates the connection request and allows the connection if the user provides the correct credentials.

3.The client system must have SSH client software. This software knows how to communicate using the SSH protocol and provides information about the remote host, the username to use, the credentials that need to be passed to authenticate and more.

How does SSH Authenticate users?

1.Most clients authenticate by using a password, which is less secure and not recommended. Use SSH keys, which are a very secure way to connect.

2.SSH keys are sets of cryptographic keys which can be used for authentication. Each set contains a public key and a private key.

Public Key: It is made available to everyone; it can be shared with anyone without concern.

Private Key: It must remain confidential to its respective owner

Note: Whatever is encrypted with a public key can only be decrypted by its corresponding private key.

Let me tell you how SSH key-based authentication works at the backend,

If you want to authenticate using SSH keys, the user should have an SSH key pair on their local system. On the remote server, the public key must be copied to a file within the user’s home directory at ~/.ssh/authorized_keys. This file contains a list of public keys, one per line, that are authorized to log in to this account.

When a user connects to a host and wishes to use SSH key-based authentication, the client informs the server of this request and tells the server which public key to use. The server then checks its authorized_keys file for the public key, generates a random string and encrypts it using the public key. This encrypted message can only be decrypted with the associated private key. The server then sends this encrypted message to the user to test whether they actually have the associated private key.

Upon receipt of this message, the client decrypts it using the private key. Both values are then compared, and if they are the same the connection is allowed. This is how SSH key-based authentication works.

Now let us see how to connect to the remote server with SSH protocol

Ex:1 Connect to remote server  from local server:

The basic syntax for this is as follows,

#ssh <remote server ip address or host name>

In this example, I use my two  Linux servers for the demonstrations.

Server details:

Server1 IP address: 10.250.1.50 / linuxvasanth.com - Located at USA

Server2 IP address: 10.250.1.100 / productionclient - Located at LONDON

Let us see how to connect to server2 from server1.

linuxvasanth.com #ssh   10.250.1.100

If this is the first time you use SSH, you will see the below messages on your terminal

After you answer yes, the server is added to your list of known hosts (~/.ssh/known_hosts)

Every server has a host key, and the above confirmation question is about verifying and saving that host key. The next time you connect to the server, the client can easily verify that it is a trusted, known server. After the server authentication has finished successfully, it asks for a password.

Note: By default, SSH allows direct root login, so here you have to give the root user password of the remote server (i.e. the root user of 10.250.1.100)

Now you can execute any commands, configure services and more. Here, for example, my task is to create a user account and password on the remote server

The above output says the account has been created successfully on the remote server.

Once you are done with your task on the remote server, you can leave the session or disconnect by using the exit command

To exit the connection


As you can see from the above output, after executing the “exit” command the remote server login session is disconnected and your terminal changes back to your local server session.

Ex 2: How can I log in as a normal user to a remote server?

In our first example I explained how to log in to the remote server as the root user. As you know, by default SSH allows direct root login to the remote server. If you want to connect to the remote server as a non-root user, use the following syntax

Note: Check whether the non-root user account exists on the remote server before you start.

Syntax:

linuxvasanth.com #ssh non-rootuser@remoteserverip
linuxvasanth.com #ssh john@10.250.1.100

After giving the password of the user john, you will be connected to the remote server terminal session as follows

Now if you want to gain root access, you can use the switch user command “su” to switch to other user accounts as follows

Now to disconnect the session, you first need to log out from the accounts you have connected to, as follows

How to change the default SSH Port number?

To protect your server from anonymous attacks, changing the default port number to any other unused port number would help. All users with Linux servers can change the SSH port number in the SSH configuration file (the default port number for SSH is 22).

The configuration file for SSH is /etc/ssh/sshd_config

All you need to do is edit this sshd_config file with your preferred editor. Before that, it is always good to take a backup of the original file before you make any changes to it.

#cp  /etc/ssh/sshd_config    /etc/sshd_config.original

Open the file with the vi editor

#vi   /etc/ssh/sshd_config

# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22 -->default port number used for SSH now change this to your preferred port number
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
"/etc/ssh/sshd_config" 137L, 3848C

In the above file, look at the line “#Port 22”. The # tells the server to ignore anything after it on the same line, so we need to remove that character and put in our preferred new port number.

Note: Make sure you are not using a port number which is already in use. If you are unsure, check this TCP/IP and UDP Port numbers and its uses

Try to use a port number which is not listed in the above link; here I use port number 2222.

Note: You will also need to change the SSH port number to the new one in the firewall.

Now restart the SSH service as follows

After making any changes in the default configuration file you need to restart the respective service for the changes to come into effect. Here we have to restart the ssh service

#service sshd restart

From now onwards SSH will listen to the port number you have specified.
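
An added example, not part of the original article: the same edit done by a shell function instead of by hand in vi. It keeps a one-time backup, validates the port number, replaces the commented "#Port 22" line, removes any other active Port line so the old port does not stay open, and places the directive before any Match block. The helper names and the sample file are constructed; only the Port directive and the 2222 value come from the text above.

```shell
#!/bin/sh
# Added example: change the sshd port in a config file the way the article
# describes. set_sshd_port and active_sshd_ports are made-up helper names.

# Print the port(s) an sshd_config file makes sshd listen on.
active_sshd_ports() {
    awk '
        /^[ \t]*[Pp][Oo][Rr][Tt][ \t]+[0-9]+[ \t]*$/ { print $2; n++ }
        END { if (!n) print 22 }      # no active Port line: sshd uses 22
    ' "$1"
}

# Usage: set_sshd_port <new-port> [config-file]
# Runs in a subshell, so "exit" only sets the function's return status.
set_sshd_port() (
    port=$1
    conf=${2:-/etc/ssh/sshd_config}

    # Accept only 1-65535 written as plain digits.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; exit 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; exit 2
    fi
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; exit 1; }

    # Back up the untouched file once, before the first change.
    [ -f "$conf.original" ] || cp -p "$conf" "$conf.original" || exit 1

    tmp=$(mktemp) || exit 1
    awk -v port="$port" '
        # Any Port line, active ("Port 22") or commented out ("#Port 22").
        /^[ \t]*#?[ \t]*[Pp][Oo][Rr][Tt][ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " port; done = 1; next }
            if ($0 !~ /^[ \t]*#/) next     # extra active Port lines would keep old ports open
            print; next
        }
        # Port is a global option: it must come before the first Match block.
        /^[ \t]*[Mm][Aa][Tt][Cc][Hh][ \t]/ && !done { print "Port " port; done = 1 }
        { print }
        END { if (!done) print "Port " port }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; exit 1; }

    # Write through the existing file so its owner and mode stay as they were.
    cat "$tmp" > "$conf"
    status=$?
    rm -f "$tmp"
    exit "$status"
)

# Demo on a constructed sample file (not a real system config).
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
Protocol 2
EOF
set_sshd_port 2222 "$demo_dir/sshd_config"
echo "sshd will listen on: $(active_sshd_ports "$demo_dir/sshd_config")"
rm -rf "$demo_dir"
```

On a real server, run "sshd -t" to validate the edited file before restarting the service, and keep the current session open until a new login on the new port succeeds.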

Understanding SCP Protocol in Unix/Linux operating system:

SCP stands for Secure Copy. It is used to send files from the local server to a remote server (uploading) and to copy files from a remote server to the local server (downloading) securely; secure means that all the data is encrypted while it is transferred over the network.

SCP is installed by default on all Linux distributions as a part of the OpenSSH package

Note: SSH is used to connect to the remote server with a text-based interface

SCP is used to transfer files between different servers

SCP uses the SSH port number 22 to establish the connectivity between the servers

Ex:1 How to transfer  a file from Local server to remote server

For this example, the syntax would look like this

#scp  <FILE TO BE TRANSFERRED FROM LOCAL SERVER>  <USERNAME@REMOTESERVER IP ADDRESS>:<DESTINATION PATH REMOTE SERVER>

Server1:10.250.1.50(Local server)

Server2:10.250.1.100(Remote server)

Now I am going to transfer a file from the local server to the remote server

#scp  /documents root@10.250.1.100:/tmp

Note: /documents is the local server file to be transferred

/tmp is the remote server destination directory path

Once the authentication is successful the file is transferred to the remote server destination path. You will see the percentage as 100, which indicates that the entire data has been successfully transferred to the remote server.

Now to verify, go to the /tmp directory on the remote server (10.250.1.100) and check whether the file /documents has been successfully saved.

#cd  /tmp

#ls -t

Note: The -t option sorts the listing so that the most recently modified or created file is displayed first

The above screenshot has confirmed the file has been successfully saved under /tmp directory of the remote server.

Ex:2 How to transfer a directory and all its contents from local server to the remote server?

To copy an entire directory we need to use the option -r (recursive) with the scp command, which will select the entire directory contents.

Syntax:

#scp  -v  -r  <Local server dir>   <user@remote server ip>:<remote server destination dir path>

You can also use the -v (verbose) option to view detailed output on your screen.

From Server1 (10.250.1.50) I am going to transfer the /mydatabase directory to the remote server /myfolder path

As you can see from the above output, the mydatabase directory has some files and subdirectories.

#scp   /mydatabase root@10.250.1.100:/myfolder

Note: If you forget to mention the -r option while transferring an entire directory, you will get the error message that it is not a regular file; check the above screenshot.

Always use -r while transferring an entire directory to the remote server.

After giving the correct password, scp will transfer the /mydatabase directory to the remote server directory /myfolder

Now go to the remote server /myfolder path and confirm whether the directory /mydatabase has been successfully transferred.

#cd  /myfolder

#ls

As you can see from the above output, the entire directory /mydatabase and all its contents were successfully transferred from the local server to the /myfolder path.

Note: To copy files from the remote server to a local server path, you would use the same syntax in reverse as follows
#scp  username@remoteserverip:<remote serverfile>   <local server path>

I hope you now understand the SSH and SCP protocols and their uses in a production environment


Understanding Remote sync(rsync) in RHEL

Introduction:

Rsync (Remote Synchronization) is a program used to transfer and sync files between servers. rsync is a very fast and secure way to transfer and sync files. You can also use the rsync command to copy and synchronize your data remotely and locally across directories, disks and networks, and to perform backup and mirroring between two Linux servers.
It offers a large number of options that control every aspect of its behavior and permit very flexible specification of the set of files to be copied.

Advantages of rsync:
1.It efficiently syncs and copies files to/from the servers.
2.It is much faster than SCP (secure copy) at transferring files between servers.
3.rsync consumes very little bandwidth, as it uses compression and decompression to transfer files from/to the servers.
Points to remember:
1.When you use the rsync command to copy/sync data between servers for the first time, it copies the whole content from the source file and pastes it into the destination file.
2.The next time you run the rsync command it copies/syncs only the updated bytes from the source file to the destination file (because of this, rsync consumes less bandwidth while transferring data).
3.rsync uses the delta-transfer algorithm, which reduces the amount of data sent over the network by sending only the differences between the source files and the existing files in the destination.
Note 1: This utility (rsync) is mostly used for backup and mirroring, and as an improved copy command for everyday use.
Note 2: rsync finds the files that need to be transferred by using the quick-check algorithm, which looks for files that have changed in size or in last-modified time. Any changes in the other preserved attributes (as requested by options) are made on the destination file directly when the quick check indicates that the file’s data doesn’t need to be updated.
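
An added example, not part of the original article: the quick check from Note 2 written as shell functions, so the decision can be seen on real files. It also covers the one case the quick check cannot see, a destination whose size and modification time match the source while its bytes differ; for backups where that matters, rsync's -c (--checksum) option compares content instead. The function names and file contents are constructed.

```shell
#!/bin/sh
# Added example: the quick check from Note 2 as shell functions.
# quick_check_differs and sync_decision are made-up names, not rsync options.

# Succeeds when the quick check would re-send SRC: DST is missing, or the two
# files differ in size or in last-modified time. Contents are never compared.
quick_check_differs() {
    [ -e "$2" ] || return 0
    [ "$(wc -c < "$1")" -eq "$(wc -c < "$2")" ] || return 0
    [ "$1" -nt "$2" ] || [ "$1" -ot "$2" ]
}

# Classify a SRC/DST pair:
#   transfer    quick check sees a change, rsync would send the file
#   skip        size, mtime and content all match
#   skip-stale  size and mtime match but the bytes differ; the quick check
#               misses this, rsync -c (--checksum) would catch it
sync_decision() {
    if quick_check_differs "$1" "$2"; then
        echo transfer
    elif cmp -s "$1" "$2"; then
        echo skip
    else
        echo skip-stale
    fi
}

# Demo with constructed files in a temporary directory.
work=$(mktemp -d)
src=$work/mywhatsapp.txt
dst=$work/mybackup

printf 'This is my first line\n' > "$src"
echo "first run, no destination yet:   $(sync_decision "$src" "$dst")"

cp -p "$src" "$dst"                      # stands in for the first sync
echo "second run, nothing changed:     $(sync_decision "$src" "$dst")"

printf 'This is my second line\n' >> "$src"
echo "after appending to the source:   $(sync_decision "$src" "$dst")"

# Same length and same timestamp as the source, different bytes.
tr 'a-z' 'A-Z' < "$src" > "$dst"
touch -r "$src" "$dst"
echo "same size and mtime, new bytes:  $(sync_decision "$src" "$dst")"

rm -rf "$work"
```
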
Syntax to run the rsync command:
#rsync   <options>   <source >      <destination >
Options available with rsync command:
-v = Verbose output
-r = Copies the data recursively (it will not preserve timestamps and permissions while transferring data)
-a = Archive mode (copies the data recursively and also preserves symbolic links, file permissions, timestamps, and user and group ownership)
-z = Compress file data
-h = Human-readable format (displays sizes in KB, MB and GB)
Before you start using the rsync utility you need to check whether the rsync package is already installed on your server as follows,
#rpm  -qa rsync

The above output says the rsync package is already installed, so there is no need to install the package again. (Do this check on both servers.)
EX:1 To Copy/Sync Files and Directory Locally
In this example, we will sync a file on the local machine from one path to another. Here we have a file /mywhatsapp.txt that needs to be copied/synced to the /var/mybackup file

Syntax:

#rsync   <option>  <source>  <destination>
#rsync    -zvh   /mywhatsapp.txt   /var/mybackup

 

In the above example, the destination file mybackup did not already exist; rsync creates the destination file if it does not exist.
Let us check whether the contents of /mywhatsapp.txt are properly synced to the /var/mybackup file

The above screenshot has confirmed that everything is successfully synced to the destination without any data loss.
Note: As I said at the beginning, when you run rsync for the first time it copies the entire content from the source file to the destination by default. After appending some more bytes to the source file, run the same command again; this time it transfers only the updated bytes from the source to the destination.
Now let us add some more bytes to the source file (in our case /mywhatsapp.txt is the source file)
#cat >>/mywhatsapp.txt

This is my second line

Control + d to save

Now run the  rsync command again,
#rsync -zvh   /mywhatsapp.txt    /var/mybackup

As you can see from the above screenshot, this time rsync transfers only the updated bytes to the destination.
Ex:2 Copy/Sync files/Directory from Local server to Remote Server
In this example, we will see how to sync data from the local server to a remote server. I have a directory on my local server with the name “Softwares” which contains rpm packages, and I want the contents of that local server directory to be synced to a remote server.

Syntax:

#rsync <option> <Local serverfile path>  user@ipaddrofremoteserver:<remote server destinationpath>
Note: Remember that to sync files within your local system we use a different syntax, and for remote sync we use the above syntax.

Server Details:

On server1: /Softwares (Source directory)

IP address:10.250.1.16
On server2: /tmp/mydatabase (destination file)

IP address:10.250.1.15
From 10.250.1.16 run the following command to sync:
Before I sync the data from the /Softwares directory, let me check the total size of the directory by using the following command
#du -sh /Softwares

So the total data to be synced to the remote path is 3.3GB
#rsync  -avzh  /Softwares root@10.250.1.15:/tmp/mydatabase

As you can see from the above screenshot, after authentication the files from the Softwares directory started syncing to the /tmp/mydatabase file.
Ex:3 Copy/Sync a Remote Directory to a Local server
In this example, we will see how to copy/sync a remote directory to a local directory. Here we have a directory /var/log/student on a remote server which is copied to the local server under /tmp/serverdata

Syntax:

#rsync  <option> user@remoteserverip:<Remote server path>   <Local server path>
Note: The syntax changes depending on the way we use the rsync command.
On server1(10.250.1.16) run the following command:
#rsync   -avzh   root@10.250.1.15:/var/log/student   /tmp/serverdata

Now go to the local server path /tmp/serverdata and check whether the remote server directory “student” was synced without any error.
On server 10.250.1.16 run the below command to confirm:
#cd /tmp/serverdata

#ls

As you can see from the above output the directory successfully synced to the local server path /tmp/serverdata.
Tips: By default the rsync utility uses the SSH port number 22 to sync files between the local server and the remote server.

Booting Process Linux

Introduction:

In this article, we are going to learn about the booting process in Linux-based servers. As a system administrator, knowing what happens at the backend when the server is powered on is much needed in an IT environment. It helps the administrator in resolving issues during the booting process.

There are five phases available in booting process:

1)BIOS

2)BOOTLOADER

MBR

GRUB

3)KERNEL

4)INIT

5)RUNLEVEL SCRIPTS

Let us have a look at each phase in detail

BIOS(Basic input and output system):
  • When you power on the server, BIOS is the first program that loads.

After you press the power button, the CPU checks the ROM for further instructions

  • This is because the ROM has the instructions that tell the CPU to start the BIOS

Then BIOS checks all the hardware and bootable devices available on your server. After analyzing them, BIOS checks how to boot the operating system (hard disk, CD-ROM, DVD or network boot).

  • If it is a hard disk then it will look for the primary boot loader to start the operating system
BOOTLOADER:
  • The bootloader resides inside the MBR (Master Boot Record). The bootloader program doesn’t know anything about the operating system filesystems; it knows only the partition table layout and how many hard disks are attached.
MBR:

The master boot record resides in the first sector of the hard disk.

  • The total size of the MBR is only 512 bytes.

From this total of 512 bytes, the first 434 to 446 bytes are reserved for the primary bootloader, 64 bytes for the partition table and 6 bytes for the MBR timestamp validation.

  • As I have mentioned above, the MBR is not aware of the operating system filesystem, so the MBR cannot directly load the kernel program. It requires a bootloader with a filesystem driver for each supported filesystem; only then can the filesystems be understood and accessed by the bootloader.

GRUB has a configuration file in which the details of the filesystem and the filesystem device drivers are loaded

/boot/grub/grub.conf

The original file for GRUB is located in /etc/grub.conf and this file is symbolically linked to /boot/grub/grub.conf

#ls -l  /etc/grub.conf

To view the Grub config file:

#cat /etc/grub.conf or cat /boot/grub/grub.conf

GRUB(GRand Unified Bootloader):

Grub loads the kernel in three stages

Grub stage1:

The total size of the MBR is 512 bytes. This is very small, and it has all the instructions to load the operating system.

  • The total space allocated for the bootstrap code in an MBR is 446 bytes. This 446-byte file for stage1 is named boot.img, and it doesn’t contain the partition table information, which is added separately to the boot record. Because the boot record must be so small, it doesn’t understand filesystem structures. So the purpose of stage1 is to locate and load stage1.5. After loading stage1.5 into the RAM, stage1 hands control over to stage1.5.
Grub stage1.5:

As I have explained above, the grub stage1.5 must be located between the boot record itself and the first partition on the hard disk. The function of stage1.5 is to start executing the filesystem drivers that are necessary to load stage2 from /boot.

Grub stage2:

The grub stage1 can load the Grub stage2 directly, but the stage1 is by default set up to load the stage2. The location for stage2 is the /boot/grub2 directory. Stage2 doesn’t have image files like stage1 and stage1.5; instead it has only the runtime kernel modules that are needed to start the operating system.

Note: Stage2 of Grub2 loads the kernel into memory and hands control of the server over to the kernel.
KERNEL:

1.Once the bootloader starts the kernel, it uncompresses the initrd image, mounts it and loads all the device drivers

initrd (initial ramdisk) is used to load a temporary root file system into memory

  • 2.Loading and unloading of kernel modules is done with the insmod and rmmod commands, which are present inside the initrd image.

3.The kernel will mount the root partition as read-only

  • 4.The kernel will check the /etc/fstab file for the filesystem integrity check.

5.If no error is found from the /etc/fstab file output then it starts the init process

INIT PROCESS:

The init process runs the server in the run level mentioned in the /etc/inittab file

#cat /etc/inittab

Based on the selected run level, the init process then executes all the startup scripts located in /etc/rc.d/rcx.d

  • Note: All the run level scripts are located inside /etc/rc.d/rcx.d

If everything goes fine then it will display the login screen.


How to configure VNC-SERVER access in Red hat Linux

Virtual Network Computing(VNC):

As system administrators we frequently access servers remotely over the network for various reasons. Mostly the system administrator prefers to use the ssh or telnet protocols to connect to the remote server, which give non-graphical access to it. Sometimes we need to access the remote server with a GUI interface, i.e. by sharing the server desktop. If you need to access the client-server desktop, we need to configure VNC on RedHat servers.

VNC allows the administrator to open remote GUI access to your server, and thus it provides a full graphical user interface session from any remote location.

Note: The best real-time example for VNC is "Teamviewer", which gives you GUI desktop access to another system.
How to Configure VNC Server in Linux?

To configure VNC on a RedHat server, two vnc packages should be installed.

1.Vnc-server package

vncserver-1.0.4-8.el5

This package is used to share the desktop with the remote system.

2.Vnc-viewer package

vnc-4.1.3-9.el5

This package is used to access the server from another system.

Configure the following on Linux server:

The IP address of my Linux server is 10.250.1.36

First check whether the vnc-server package is installed on your server by using the rpm command

#rpm -qa vnc-server

If the package is not installed then install the package from the media.

To install the vnc packages:
#cd  "/media/RHEL_5.7 x86_64_DVD/Server"
Check that the vnc package is listed on the cdrom
#ls  tiger   (then press the Tab key twice to get the package details)

Once you have confirmed the packages are listed on the cdrom, install them,

#rpm  -ivh tigervnc-server-1.0.90-0.10.2010115svn3945.el6.x86_64.rpm

Configure Linux client:

Note: The Linux client-server IP address is 10.250.1.34

Check whether the vnc-viewer package is installed or not

#rpm  -qa  tigervnc

If it is not installed then install it from the media

#cd  "/media/RHEL_5.7 x86_64_DVD/Server"

Install the vncviewer package

#rpm -ivh  tigervnc-1.0.90-0.10.2010115svn3945.el6.x86_64.rpm

Let us confirm whether the vnc packages are installed successfully or not by using the following command,

Once you have confirmed that the required packages are installed on both servers, it is time to check the vnc access.

Note: Before you run the vnc command to connect to the remote server, check with the ping command whether both servers can communicate with each other.

#ping  <remote server IP address>
#ping 10.250.1.34

Once you have confirmed the connectivity test is passed,  check the Linux client IP address status,

To check the IP address status of your Linux client-server:

#ifconfig or ifconfig  eth1

Before you run the vncviewer command to get the access to Linux server desktop, run the ping command to check the connectivity.

#ping 10.250.1.36

Now run the following command to take the remote Linux server desktop access.

Syntax:

#vncviewer   <remote server ip>
#vncviewer 10.250.1.36

On the server side, i.e. at 10.250.1.36, a pop-up message asks for confirmation

Once the admin grants the request, you can access the remote server desktop graphically.

Key point: If you get an error message while connecting to the remote server via vnc, go to the system settings, choose the remote desktop option and enable the checkbox that allows other users to share your desktop. Do this on both the servers and try to connect again; this time vnc will connect without any error.

 

I hope you have enjoyed this article, in our next article I will explain you about the TCP/IP secured protocols.


How to install the packages in Redhat Linux?

Introduction:
In this tutorial, we are going to learn how to install, uninstall, modify and update individual packages on Redhat servers by using the rpm utility.
To install packages on Redhat-based systems we have two powerful tools:
1)RPM(RedHat Package Manager)
2)YUM(Yellowdog Updater, Modified)

Rpm(Redhat package manager):
The RedHat package manager is a powerful tool for Redhat-based systems like Fedora, CentOS and Redhat. It allows the user to install, uninstall, upgrade and modify packages on Unix/Linux servers.
  • The rpm tool works directly with the package files and does not check for and install the dependency packages. Some applications depend on other packages; when you use rpm to install them, you first need to install the dependency packages manually, and only after that the main package. For an application to work properly, the whole chain of dependency packages must be installed.
YUM:
Yum works in a different way to install, uninstall and upgrade Red Hat packages. It works with package repositories, where all the information about the packages is stored. By default the yum tool automatically checks for all the dependency packages and installs them. When you are using yum, you do not need to find the dependency packages and install them one by one manually; yum does all of that work automatically. In order to run the yum command we need to configure the YUM package repositories on the Linux system first (I will explain how to configure yum repositories in our next article).
Note:
So the main difference between the rpm and yum tools is that rpm will not install the dependency packages, whereas yum will check for and install all the required dependency packages.
Note:
An RPM package is a file with the .rpm extension; it contains the software programs and libraries that are needed by the package. The rpm tool works only with packages that are built in the .rpm format.
RPM packages Details:
It is very important to know the rpm package file name conventions in Linux package management. By default, every package name includes the version number, the hardware architecture and other details. Let us look at the package names along with these details.
First, change your working directory to the path under /media where the CD-ROM is mounted.
#cd /media/RHEL_5.7\ x86_64\ DVD/Server/
This is the path where the rpm packages reside on the CD-ROM (on RHEL 5.7).

Note:
In RHEL 6.0 the rpm packages are under /media/RHEL_6.0\ x86_64\ DVD/Packages
Now run the command to list all the available .rpm packages from the CD-ROM
#ls  -l

From the above output, you will see all the .rpm packages from the CD-ROM.
To check the individual package details run the below command(here I use telnet package)
#ls  -l    |grep  telnet

The above output shows the details of the telnet package.

Installing the packages:
Follow this procedure before you install packages on a Linux server:
1)Always check the integrity of the package before you install it
2)Check whether the package is already installed on your server
3)If the package is not installed, use the rpm command to install it
4)After installation, check whether it is recorded by the Linux package management.
Ex:1 How to install the Packages on Redhat servers?
Insert the CD-ROM media into the drive. Once the media is mounted on its mount point directory, change your path to that directory.
Check whether the CD-ROM is mounted or not,
#df -h

As you can see from the output, the CD-ROM is mounted under the mount point directory /media
/media  - the default mount point directory for removable media.
Now change your path to the directory where the packages reside.
#cd  /media/RHEL_5.7\ x86_64\ DVD/Server/
Run the “ls” command to check all the available packages on the CD-ROM.
In this example, I will show you how to install the nano package (nano is an editor tool).
Check that the nano package is listed on the CD-ROM
#ls  nan (then press the Tab key twice; it will list the package details if it is available)

Once you have confirmed the nano package is available on the CD-ROM, you can start to install the package.
Check whether the nano package is already installed on the server
syntax:
#rpm    <options>   <package name>
Options:
-q  - To query
-a  - To print all the installed packages in the system
-R  - To list all the dependent packages
-e  - To uninstall the installed package from the system
-v  - Verbose output
-U  - To update the existing installed package
-h  - To show the hash progress (display the progress as hash marks on your screen)
#rpm  -q   nano

From the above output, nothing is displayed, which confirms the nano package is not installed on the system. If the package were already installed, it would display the package details.
Make sure you are under   /media/RHEL_5.7\ x86_64\ DVD/Server/
#pwd
Now install the package
#rpm  -ivh    nano-1.3.12-1.1.x86_64.rpm

Now confirm whether the nano package was successfully installed on the system,
#rpm  -q   nano

The above output displays the package details (nano), which confirms the package was successfully installed on the system.
Ex:2 How to uninstall the package from the system?
Use the same rpm command with the option  -e
#rpm  -e  nano

Run the query command to confirm whether the package was uninstalled successfully
#rpm  -q nano
The above output shows the nano package was successfully uninstalled.
Ex:3 How to check the integrity of the package?
Always check the integrity of a package before you install it on a Linux system, and always make sure the test result is OK.
In this example, I will show you how to do the integrity check for a package.
#rpm  --checksig  <package name>
--checksig means check signature
#rpm  --checksig  pinfo-0.6.9-1.fc6.x86_64.rpm

The output says the package integrity check was not OK, i.e. the package has some missing keys.
Note:
If the package has passed the test then it would display as md5 OK
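The result line of rpm --checksig says more than pass or fail: a line that lists only digests (sha1, md5) and ends in OK means the file is intact but carries no signature, while gpg or pgp in lowercase means a signature was verified against an imported key. The following is an added example, not part of the original article; it classifies such result lines and wraps the install procedure above so that only signature-verified packages are installed. The package names, sample lines and the key ID 00000000 are constructed placeholders.

```sh
#!/bin/sh
# Added example: interpret `rpm --checksig` output before installing a package.
# All sample lines are constructed in rpm's output format; they are not real results.

# classify_checksig LINE -> signed-ok | digest-only | missing-key | failed | unknown
classify_checksig() {
    # Drop "<file>: " so a file name such as gnupg-*.rpm cannot match below.
    result=${1#*: }
    case "$result" in
        *"NOT OK"*"MISSING KEYS"*) echo "missing-key" ;;  # signed, public key not imported
        *"NOT OK"*)                echo "failed" ;;       # digest or signature mismatch
        *OK)
            case "$result" in
                # older rpm names the check (gpg/pgp), newer rpm prints "signatures"
                *gpg*|*pgp*|*signatures*) echo "signed-ok" ;;
                # only digests passed: the package carries no signature at all
                *)                        echo "digest-only" ;;
            esac ;;
        *) echo "unknown" ;;
    esac
}

# checked_install FILE: integrity check, already-installed check, install, confirm.
# Needs rpm and root privileges; it is defined here but not run by the demo.
checked_install() {
    pkg=$1
    verdict=$(classify_checksig "$(rpm --checksig "$pkg" 2>&1)")
    if [ "$verdict" != "signed-ok" ]; then
        echo "refusing $pkg: $verdict" >&2
        return 1
    fi
    name=$(rpm -qp --queryformat '%{NAME}' "$pkg") || return 1
    if rpm -q "$name" >/dev/null 2>&1; then
        echo "$name is already installed"
        return 0
    fi
    rpm -ivh "$pkg" && rpm -q "$name"
}

# Demo on constructed result lines (hypothetical package names).
demo() {
    while IFS= read -r line; do
        printf '%-12s %s\n' "$(classify_checksig "$line")" "$line"
    done <<'EOF'
pkg-signed-1.0-1.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
pkg-unsigned-1.0-1.noarch.rpm: sha1 md5 OK
pkg-nokey-1.0-1.x86_64.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)
pkg-damaged-1.0-1.x86_64.rpm: sha1 MD5 NOT OK
EOF
}
demo
```

A missing-key result is resolved by importing the vendor's public key and running the check again, not by installing anyway.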
Ex:4 How to check the dependencies of the package?
Checking the dependencies of a package is very important for the system administrator before installing it. As you know, the rpm tool will not install the dependency packages, and if you have not installed them it will not allow you to install the package. So first check which dependency packages are needed by the package you are going to install.
#rpm  -qpR   httpd-2.2.3-53.el5.x86_64.rpm
-q –> To query
-p –> Query a package file that is not installed on the system
-R –> Prints the packages on which this package depends.

The above output prints all the dependent packages that are needed by the httpd package, so if you want to install this httpd package with the rpm command, you first need to install all the dependent packages one by one manually.
Ex:5 How to install a package without dependencies?
In some cases we need to install a package without its dependency packages. For that we can use the special option --nodeps with the rpm command.
#rpm  -ivh  --nodeps  <packagename>
#rpm  -ivh  --nodeps    httpd-2.2.3-53.el5.x86_64.rpm

From the above output, the httpd package was installed without the need for its dependent packages
Ex:6 How to check the latest installed packages information along with the date and time details?
To get the latest installed packages information, use the special option --last with the rpm command as follows
#rpm  -qa  --last

The above output shows the installed package details along with Date, time and year details.
Ex:7 How to Upgrade the already installed package on your system?
Use the -U option with the rpm command to upgrade an existing package on your system. The benefit of using this option is that it not only upgrades the existing package but also takes a backup of the older version of the package, so that if the updated version does not work properly the older version from the backup is used.
#rpm  -Uvh   nano-1.3.12-1.1.x86_64.rpm

Ex:8 How to check the command belongs to which package?
If you want to check which package a command belongs to on your Linux system, you can get that with rpm. For example, say I need to find which package the command “top” belongs to. Run the following command to get the package details
#rpm -qf   <full path to the command>
To print the full path of the command, run the following command,
#which  top

#rpm  -qf  /usr/bin/top

From the above output, the top command belongs to the package procps-3.2.7-17.e15
Ex:9 Check the package details after installed?
Suppose you want to check the details of an installed package, such as the release number, size, signature key, vendor and much more. Run the following command
#rpm  -qi  <package name>
qi means (Query info)
#rpm -qi   telnet

From the above output, you would see the entire details about the telnet package.
Ex:10 How to get the information about the package before you install?
Sometimes we need to download rpm packages from the internet to install them. After downloading a package, if we want to check its details, such as the author and some other details, run the following command
Note:
I have downloaded the rpm package babel-0.9.5-1.el5.rf.noarch.rpm from the internet and I have saved it inside the folder /rpm.
#rpm  -qip  <packagename>
-p  - this option allows us to perform the same query on a package which is not installed on the system.
#cd  /rpm
#ls

Now check the details of this downloaded package,
#rpm  -qip babel-0.9.5-1.el5.rf.noarch.rpm

From the above output, you would see the details of the package (which is downloaded from internet).
In our next article, I will explain about the yum repositories in Redhat systems.

How to configure IP address in RHEL server?

Introduction

In this article we are going to cover how to configure the IP address and which initial checks we need to perform before configuring it.

Every system in a network needs an IP address to communicate with other systems; it can be easily configured in RHEL with the help of the “ifconfig” command.

Types of IP:

IP address can be configured in two ways

1)Static IP

2)Dynamic IP

Static IP:

The IP can be configured manually by the system administrator or by individuals. Static IPs are mostly used with devices like routers, printers etc.

Dynamic IP:

In this method, the IP address is configured automatically from the DHCP server. When you set the IP to be configured automatically in the network management tool, the system asks the DHCP server for an IP address, and the DHCP service provides the IP address to the system when it joins the network.

Procedure to configure the IP address:

1)Check how many adapters are available on your server and their status

2)Choose the adapter which you are going to configure

3)Deactivate the network adapter before you assign the IP address

4)Configure the IP with the help of the “ifconfig” command

5)Make the assigned IP address permanent with the help of the “setup” command.

6)After assigning the IP address permanently in the network management file, activate the network adapter.

Configure the IP address:

Method: Static IP

To check the network adapter status:
#ifconfig

From the above output, we have only one adapter connected to the server and the logical name of the network adapter is “eth0”; the current IP address of the adapter is 10.0.2.15 and the adapter is in the running state.

eth0 –> “eth” indicates the adapter manufacturer name and “0” indicates the first adapter. If the server has two network adapters, the second one is displayed as eth1.

Note: You don’t have to worry about the adapter names and numbers, since the kernel device driver generates all of these by default.

To deactivate the network adapter:

syntax:

#ifdown   <Network adapter name>
#ifdown   eth0

Now check the network adapter status whether it is successfully deactivated or not

#ifconfig

From the output, the eth0 adapter has been deactivated successfully

Now let us configure the IP address on the eth0 adapter by using the following command:

syntax:

#ifconfig   <Network adapter>  <ipaddress>
#ifconfig  eth0   10.250.1.50

Check whether the IP is assigned to the eth0 adapter

#ifconfig  eth0

From the output, you can see the IP 10.250.1.50 has been successfully assigned

Note: If you deactivate the adapter now, the next time you bring it back to the active state the IP will be assigned by the DHCP service. This is the default mode in RHEL.

Now it is time to make this IP address permanent by using the following command
#setup

From this tool choose the network configuration

Now choose edit devices

Choose the eth0 device from the option

Now check the default setting for the network adapter devices

From the above screenshot, you can see that the default mode to configure the IP is always DHCP.

Now unselect the DHCP mode and add your static IP here to make it permanent

Note: Use the spacebar on your keyboard to deselect DHCP

We have now successfully added the static IP 10.250.1.50 to the adapter eth0.

That’s it. Now save the information and exit the network management tool

 

Now activate the network adapter:

syntax:

#ifup  <network adapter>
#ifup  eth0

From now onwards 10.250.1.50 is the default IP address of your server; even after a restart, or after deactivating and activating the adapter, this IP remains the permanent one.

#ifconfig eth0

From the above output, the IP has been permanently activated with the static method.

Note:

If you forget to add the IP address in the network management tool with the “setup” command, the assigned IP is only a temporary one. If you restart, or deactivate and activate the adapter, the IP will be assigned from the DHCP server, since in RHEL the default mode after a restart or after activating the network adapter is Dynamic IP mode.

Tips and tricks:

*If you are facing issues while bringing up your network adapter or assigning the IP address, try restarting the network management service

#service NetworkManager restart

The above command refreshes all the network adapter configuration files; after that, try to configure or activate the adapter again.

I hope you have enjoyed this article; in our next tutorial I will explain the troubleshooting concepts in IP configuration.


How to Configure “SUDO” access for users in Linux?

SUDO stands for (Super User Do). When a normal user needs root user privileges, he can attain them through the SUDO mechanism. SUDO is a good way to get root privileges. The other way to access root privileges is the su (switch user) command, but there you need the root user password, and sharing the root user password with others is never safe. After login you get the prompt #, which says you are logged in as the root user. If you enter any dangerous command, the server will face critical issues: you can erase the entire hard disk, change the default partition layout information and much more, which leads to many problems.

But when we give root privileges via sudo, the user has to run the admin commands with sudo permission only. The user runs a command with sudo permission as follows: #sudo <full path of the command to be run>. This works in a safe way.

Sudo configuration file:
file path=/etc/sudoers

Once you have decided to give root privileges to non-root users, you have to configure their names inside this file with the permission you allow (full permission or partial access). Whenever the user runs an admin command, the sudo command checks for the username inside this file; if the name exists, the user authentication succeeds and he is allowed to execute the command. This is how the sudo mechanism works.

If you remove the user from this file, the user no longer has root privileges and cannot access them via sudo. Now let us configure sudo access for a user.

Ex:1 How to Configure Sudo access(Full privileges) for a user:

Open the file with your preferred editor; I always use vi to edit files. We can also open this configuration file by using the command “visudo”

#vi  /etc/sudoers

<add the username to whom you are going to give sudo access>

Below the root user entry, add the privileges for the non-root user

vasanth ALL=(ALL) ALL

ALL=(ALL) ALL means full privileges (the user can execute all the admin commands)

Now we have successfully added a user john inside the sudo configuration file. Let us see how the user gains root privileges.

Note: Vasanth should have a valid password before he executes commands via sudo.

Now let us log in as Vasanth and run an admin command

#su  - Vasanth

$pwd

$reboot
Sample output:: Must be Superuser

Run the command  via sudo

$sudo  /sbin/fdisk -l

Note: Always mention the full path of the command, else you will get the error message command not found, as users are accessing the commands via sudo temporarily. (Bash will not read the full path of the command automatically from $PATH unless you are a root user)

After executing it, sudo asks for the john password for authentication. Once you have submitted the password, it checks the username inside the sudoers file, and if the user matches it allows running the command.

From the above output, the user Vasanth gained root privileges via sudo successfully.

Ex:2 Give access to a non-root user to run certain commands via sudo

In our previous example we gave full privileges to run admin commands. In this example, the non-root user is allowed to run only certain commands, which are defined in the sudoers file. Let us see how to do this.

#vi /etc/sudoers

<add the username and mention the full path of each command the user is allowed to run>

From now onwards the user Vasanth is allowed to run only the fdisk and partprobe commands via sudo. If he tries to run some other command via sudo, it will not be allowed. Let us see this in practice below,

#su - Vasanth
$sudo reboot

Here you will get the permission denied or command not found messages

$sudo /sbin/fdisk -l

$sudo /sbin/partprobe

As you can see from the above output, the user Vasanth is only allowed to run these two commands via sudo.

If the user Vasanth tries to run any other command with sudo, he will get a permission denied or command not found warning message.

From the above output, the user Vasanth tried to run the reboot command via sudo, which is not added for Vasanth inside the sudoers file, so he received a warning message.

Ex:3 How to allow a user to run the command without providing his password.

In our last two examples, every time the user runs a command via sudo he/she is prompted for the password, to verify the user in the sudoers and /etc/shadow files.

If you want the user to run the command via sudo without supplying the password, we need to put additional entries inside the sudoers file. Let me show you how to configure this.

#visudo

vasanth ALL=(ALL) NOPASSWD: <FULL PATH  TO COMMAND>

save and exit

Now ask the non-root user to check:

#su -  nirmal
$sudo /sbin/fdisk  -l

As you can see from the above output, the user is not prompted for his password; the command is executed without providing the password.

Note: Every time you run a command via sudo you should give the full path of the command, exactly as it is provided inside the sudoers file; without the full path you will get the command not found error message.
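The three kinds of entry from Ex:1 to Ex:3 differ widely in how much they grant, so it helps to review a sudoers file for the broad ones. The following is an added example, not part of the original article: a small check that reads sudoers-format text and reports full-privilege grants, NOPASSWD entries and commands written without a full path. The sample entries are constructed, and the users user10, user20, user30 and deploy in it are hypothetical.

```sh
#!/bin/sh
# Added example: flag sudoers entries that grant more than intended.
# Handles plain "user host=(runas) [NOPASSWD:] cmd, cmd" lines only; aliases,
# Defaults, include directives and escaped commas are skipped or not handled.

# Constructed sample in sudoers format, not a real /etc/sudoers.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults    env_reset
root    ALL=(ALL)   ALL
vasanth ALL=(ALL)   ALL
user10  ALL=(ALL)   /sbin/fdisk, /sbin/partprobe
user20  ALL=(ALL)   NOPASSWD: /sbin/fdisk
user30  ALL=(ALL)   fdisk
deploy  ALL=(ALL)   NOPASSWD: ALL
EOF
}

# lint_sudoers: read sudoers text on stdin, print one "user: FINDING" line per issue.
#   FULL      the user may run every command
#   NOPASSWD  no password prompt before the command runs
#   RELPATH   command given without a full path
lint_sudoers() {
    awk '
    /^[ \t]*#/ { next }                                   # comment lines
    /^[ \t]*$/ { next }                                   # blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }          # not user entries
    {
        eq = index($0, "=")
        if (eq == 0 || $1 == "root") next                 # keep the default root entry quiet
        user = $1
        rest = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", rest)           # drop the "(ALL)" run-as part
        sub(/^[ \t]+/, "", rest)
        if (rest ~ /^NOPASSWD:/) {
            print user ": NOPASSWD"
            sub(/^NOPASSWD:[ \t]*/, "", rest)
        }
        n = split(rest, cmds, ",")
        for (i = 1; i <= n; i++) {
            cmd = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", cmd)
            if (cmd == "") continue
            split(cmd, words, " ")
            first = words[1]
            if (first == "ALL") print user ": FULL"
            else if (first == "sudoedit" || first ~ /^[A-Z][A-Z0-9_]*$/) continue
            else if (first !~ /^\//) print user ": RELPATH " first
        }
    }'
}

sample_sudoers | lint_sudoers
```

Run it alongside `visudo -c`, which checks the syntax of the file but does not judge how broad an entry is.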


What is Sticky Bit Permission in Linux

File security is much needed in today’s information technology environment. Though lots of security features are loaded by default, there are chances for data to get stolen without your knowledge. The sticky bit is an excellent feature: it does not allow other users to rename or delete a file or directory even if they have full access to the directory. Only the root user or the user who owns the file or directory can delete or rename it.

Let me explain this with an example. I have a directory /etc/mydir with full access, i.e. read, write and execute permission, for the group and other users, so all permissions are set to drwxrwxrwx.

Now all users and groups have full permission to access the directory /etc/mydir. I have two users named “user10” and “user20”. As everybody has full permission on the directory /etc/mydir, user10 changed the path to /etc/mydir and created a file named “myfile”. So the owner of the file “myfile” is user10.

Now “user20” changed his path to /etc/mydir and decided to rename “myfile” (which is owned by user10). The file was renamed, while the owner and group names remain unchanged.

user20 can also delete the file (vasanth.com), which is not owned by him. We need some mechanism to prevent a user who does not own the directory or a file within the directory from renaming or removing other users’ files, and this is where the sticky bit comes in.

A file or directory set with the sticky bit allows only root or the owner of the file to move or delete it; other users cannot do it even though they have full access.

Sticky bit can be assigned in two ways:

1)Numeric method

2)Symbolic method

In the numeric method you have to use the value 1, and in the symbolic method the option “t” is added to the “other” field.

Now I am going to set the sticky bit on the directory /etc/mydir and let us do the same experiment once again

#chmod o+t  /etc/mydir
#ls  -ld   /etc/mydir

#su - user10
#cd /etc/mydir
#touch testfile

#su - user20
#cd /etc/mydir
#mv testfile   vasanth.com
#rm  -vf  testfile

This time the sticky bit protects the file (testfile), which is owned by user10, from being deleted by other users (user20).

This is how the sticky bit works.

To remove the assigned sticky bit permission:

#chmod  o-t  /etc/mydir
#ls  -ld  /etc/mydir

In our next article, I will explain about assigning access control list permission to a file.


SUID permission in Linux

We all know the file and directory permissions and how to modify the default permissions with the help of the chmod command. Assigning read, write and execute permissions with chmod is the basic way to protect a file or directory from anonymous user access. There are chances that hackers could get in and attack the data, steal your valuable information, or run some programs as the owner to crash the operating system. So, in order to make your valuable files and programs more secure, we have some special permissions available; with them we can protect our data and programs from being executed by unknown users.

Let us see the special permission SUID first:

1)SUID(Set user ID)Set owner user ID upon execution

Note: Remember, all these special permissions can be applied only with the chmod command

SUID: When an executable file is set with the special permission SUID, the users who run that file automatically get the permission of the file’s owner rather than their own user permission.

To make this clearer: if you are the owner of some executable file and the file is set with SUID, then the users get the owner’s permissions rather than the permissions of the user who runs it.

Another example: “passwd” command

As we all know, to change a user password we use the command “passwd” from the terminal. By default this command opens two important configuration files from the /etc directory, /etc/passwd and /etc/shadow, to write the modified password information into them. By default normal users do not have access to edit any configuration files under the /etc/ path, as they only have read access. When SUID is set on the passwd command, every user who runs the passwd command gets the owner permission, irrespective of which user is running it.

If you remove the SUID from the command passwd, a user who tries to change the password will get the warning message permission denied, as the command passwd does not have the SUID.

Let me show you with an example. Here the user Vasanth is executing the passwd command; let us check whether the passwd program is running with root (owner) permission or with Vasanth’s permission

Check the current setting of passwd command:

#ls  -l  /usr/bin/passwd

Now Switch to Vasanth account:

#su  - Vasanth

Run the passwd command:

$passwd

As a root user now check the “passwd”  command process permissions

#ps  -aux  |grep passwd

From the above output it is confirmed that the passwd process is running with root user permission (check the first field, root). So any program, command or file with the SUID permission always runs with the permission of the owner of the file rather than the permission of the user who runs it.

Ex:1 How to set SUID on a file

Syntax:

Methods:

1)Symbolic way (s stands for set Special permission)

2) Numeric way (4 will set SUID)

Let me create a file:

#touch   /database
#ls -l /database

Syntax:

#chmod  <special permission><default permission>   <Path to the file/executable file>
#chmod  4644  /database

In the above command, the first “4” in 4644 indicates SUID

Check whether SUID is applied to the file:

#ls  -l   /database

As you can see from the above output, an “S” has been added in the owner execute field, which shows the file has SETUID assigned.

Note: In the output an uppercase “S” indicates the file is not set with execute access; in some cases you will see a lowercase “s”, which indicates the file is set with execute access.

After assigning execute access to the owner, the uppercase “S” changes to the lowercase “s”

#chmod 4744 /database
#ls -l /database

To remove the assigned SUID access from the file:

It’s very easy: just set the default permission on the file again, which removes any special permission assigned to it.

#chmod 644 /database

#ls  -l  /database

In the above output, the “s” has disappeared from the owner execute field.

Method: Symbolic
#touch   /mydata

Now let us set the SUID to the file by using the symbolic method:

#chmod  u+s  /mydata    ( u - owner,   s - set permission)

#ls  -l  /mydata

In the above screenshot you can see the “S” in the owner execute field; if you give execute access to the owner, the uppercase “S” changes to the lowercase “s”

To remove the SUID :

#chmod  u-s   /mydata

#ls  -l  /mydata

As you can see from the above output, the “s” has been removed from the owner execute field, which confirms the SUID permission has been removed from the file.

NOTE: Like “passwd”, lots of commands exist with SUID. For example, we can also check it with the “crontab” command (which is used to schedule automatic jobs). This command opens a configuration file under the path /etc, where normal users are not allowed to write any file. The crontab command also has the SUID permission, so that normal users get the owner permission to edit the files under the /etc/ directory while they run the crontab command to schedule automatic jobs.
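Because a SUID file runs with its owner's permission and a world-writable directory without the sticky bit lets any user remove other users' files, both are worth checking for on a server. The following is an added example, not part of the original articles, covering this section and the sticky bit section before it; it builds a scratch tree in a temporary directory whose names (open, shared, database, tool, loose, plain) are constructed, then audits it with find.

```sh
#!/bin/sh
# Added example: audit a directory tree for the sticky bit and SUID bit.
# The demo tree is constructed under a temporary directory; nothing outside it is touched.

# World-writable directories that lack the sticky bit: any user can rename or
# delete other users' files there (the /etc/mydir situation before chmod o+t).
shared_dirs_without_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Every regular file with the SUID bit set.
suid_files() {
    find "$1" -type f -perm -4000 | sort
}

# SUID set but owner execute missing: shown as uppercase "S" by ls -l.
suid_without_exec() {
    find "$1" -type f -perm -4000 ! -perm -0100 | sort
}

# SUID files that group or others may overwrite: whoever can write the file
# decides what runs with the owner's permission.
suid_writable_by_non_owner() {
    find "$1" -type f -perm -4000 \( -perm -0020 -o -perm -0002 \) | sort
}

# First ten characters of the ls -l line, e.g. drwxrwxrwt
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Build the constructed demo tree and print its path.
build_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/open" "$d/shared"
    chmod 0777 "$d/open"                               # full access, no sticky bit
    chmod 0777 "$d/shared"; chmod o+t "$d/shared"      # symbolic form of chmod 1777
    : > "$d/database"; chmod 4644 "$d/database"        # SUID without execute
    : > "$d/tool"; chmod 0755 "$d/tool"; chmod u+s "$d/tool"   # same as chmod 4755
    : > "$d/loose"; chmod 4775 "$d/loose"              # SUID and group-writable
    : > "$d/plain"; chmod 0644 "$d/plain"
    echo "$d"
}

demo() {
    tree=$(build_demo_tree) || return 1
    echo "world-writable directories without sticky bit:"
    shared_dirs_without_sticky "$tree"
    echo "SUID files:"
    for f in $(suid_files "$tree"); do
        echo "$(mode_string "$f") $f"
    done
    echo "SUID files writable by group or others:"
    suid_writable_by_non_owner "$tree"
    rm -rf "$tree"
}
demo
```

On a real server the same functions take a path such as /usr/bin or a shared data directory, and the resulting list is compared against the SUID programs the distribution is expected to ship.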


I hope you have learned now how to set the SUID permission on files and their importance.


Manage the files and directories with “chattr” attributes

We can protect important files and directories from being deleted with the help of chattr attributes, and not only from deletion but also from being modified or appended to. Always remember to enable the attributes only on critical files and directories. You are not allowed to edit, delete or append content to a file/directory that is set with these special attributes.

Let us see the attributes and their meanings one by one

Attributes   and meaning

a    - Only the append operation is allowed

A    - Will not allow the access time of the file to be modified

c    - With this attribute, the file is compressed on the disk automatically

d    - The file cannot be backed up by using the dump command

i    - A file with this attribute enabled cannot be modified, renamed or deleted

There are some special options available that can be used with the chattr command

-R - To change the attributes of the directory and its subdirectories recursively.

-v - Verbose output

Now let me show the operators that can be used with the chattr command

+    - To set the attribute on the file/directory

-    - To remove the attribute from the file/directory

=    - With this operator you set the only attributes that the file can have

To set and unset the attributes on a file/directory

Syntax:

#chattr   <option>    <attribute>    <file/directory>
Ex:1 Create a file as a root user and give full permission  on the file
#cat >/linux.txt
Sample Output: [root@localhost /]# cat >/linux.txt
Hello Linux Hunter

Give full permission to the file

#chmod 777 /linux.txt
Sample Output:[root@localhost /]# chmod 777 /linux.txt
#ls  -l /linux.txt
Sample Output: [root@localhost /]# ls -l /linux.txt 
-rwxrwxrwx. 1 root root 18 Nov 7 13:05 /linux.txt

Now let us make this file more secure by adding the +i option

#chattr  +i   /linux.txt
Sample Output: [root@localhost /]# chattr +i /linux.txt

From now onwards you can only read this file; write and execute permissions will be denied.

#lsattr   <filename>
#lsattr   /linux.txt

From the above output you can see the attribute “i” assigned to the file

Now let us try to delete the file

#rm -vf   /linux.txt

From the above output you can see the message “operation not permitted”, which says the file is secured with the “i” attribute.

Ex:2 To remove the  assigned attributes for a file
#chattr   -i     <filename>
#chattr  -i   /linux.txt

Let us check with lsattr whether the assigned attribute is removed or not.

#lsattr  /linux.txt

Now try to remove the file

#rm  -vf   /linux.txt

After removing the “i” attribute, the user is allowed to remove the file based on the default permissions

Ex:3 Secure a file with the “a” attribute

With the “a” attribute the user can read the file and append content to it, but cannot remove it. So the difference between the “i” and “a” attributes is that “i” does not allow the user to append to the file, whereas “a” does.

#chattr  +a  /mydata.txt

Check the file attributes by using the following command

#lsattr  /mydata.txt

From the above  output, the file is now set with “a” attribute

Now let us check whether it allows the user to append the content or not

#cat >>/mydata.txt
#cat /mydata.txt

The above output shows “a” option will allow the user to append the content to the file.

Now try  to remove the file

#rm  /mydata.txt

As I said earlier on this topic, “a” only allows the user to read and append content; it does not allow the user to delete the file. That is what the above screenshot displays.

Now let us remove the “a” attribute from the file

#chattr -a   /mydata.txt

#rm /mydata.txt

After removing the attribute from the file now it will allow the user to delete the file

Ex:4 Secure the entire directory with the -R option

You can also secure your sensitive directory with the -R option

#mkdir  /linuxvasanth.com
#touch  /linuxvasanth.com/mydatabase

Now let us set the -R and i option to the directory /linuxvasanth.com

#chattr -R +i  /linuxvasanth.com

#rm -rvf  /linuxvasanth.com

From the above output, the user cannot delete the directory even if he has the full permission.

Now remove the -R and i  from the /linuxvasanth.com directory and try to remove the directory

#chattr -R -i  /linuxvasanth.com

Note: Directory secured with -R can be reset only with the same -R option

#rm -rvf /linuxvasanth.com

Now it allows the user to delete the directory.
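To verify that the files you meant to protect really carry the attribute, the lsattr listing can be checked by script. The following is an added example, not part of the original article; the function names and the sample listing (including the /etc/ssh/sshd_config entry) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `lsattr` output: attribute string, a space, the path.
SAMPLE_LSATTR='----i---------e----- /linux.txt
-----a--------e----- /mydata.txt
----i---------e----- /linuxvasanth.com/mydatabase
--------------e----- /etc/ssh/sshd_config'

# with_attr FLAG < lsattr-output
# Print every path whose attribute string contains FLAG.
# Letters are matched by presence, not by column, because the column of each
# letter differs between e2fsprogs versions. index() is case-sensitive, so
# "a" (append only) is never confused with "A" (no access-time updates).
# The NF/regex guard skips the "dir:" header lines printed by `lsattr -R`.
with_attr() {
    awk -v flag="$1" '
        NF >= 2 && $1 ~ /^[A-Za-z-]+$/ && index($1, flag) {
            path = $0
            sub(/^[^ ]+ +/, "", path)   # keep paths that contain spaces intact
            print path
        }'
}

# missing_attr FLAG "PATH PATH ..." < lsattr-output
# Print each expected path that is absent from the listing or lacks FLAG.
missing_attr() {
    awk -v flag="$1" -v want="$2" '
        BEGIN { n = split(want, paths, " ") }
        NF >= 2 && $1 ~ /^[A-Za-z-]+$/ {
            path = $0
            sub(/^[^ ]+ +/, "", path)
            attrs[path] = $1
        }
        END {
            for (i = 1; i <= n; i++) {
                p = paths[i]
                if (!(p in attrs))                   print p, "not-listed"
                else if (index(attrs[p], flag) == 0) print p, "missing-" flag
            }
        }'
}

# Example run against the constructed listing:
#   printf '%s\n' "$SAMPLE_LSATTR" | with_attr i
#   printf '%s\n' "$SAMPLE_LSATTR" | missing_attr i "/linux.txt /etc/ssh/sshd_config"
# On a live system, feed it real output instead: lsattr -R /etc 2>/dev/null | with_attr i
```

Running with_attr periodically also shows attributes that were set or removed without your knowledge, which is worth reviewing on critical paths.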

I hope now you have understood the way to secure your files and directory with chattr command.


Managing User Account in Linux

Users

Managing user accounts is one of the daily tasks of a system administrator. In this article I will explain how to administer user accounts, and we will also look at the configuration files needed to maintain them. All users on the system are identified by a username and a user ID (UID) number. Humans recognize a user by the username, but the operating system uses the UID number to identify users. When you create a user account, a UID is generated with the account by default. Every user has a unique UID number.

Special Users

While installing the operating system, some default user accounts get created on your system; these are normally called the default system accounts. These special users have different UID numbers.

Groups

Every user on your system is also a member of one or more groups. Instead of setting up individual permissions for each and every user, adding users to a group and then assigning the permission to the group is the easiest way of setting permissions for different users. Like the UID for users, groups have a GID (group identification number).

System default configuration files that store the user account information

When you create a user or group, the information is recorded in configuration files. There are three important configuration files that store user and group information. Like all configuration files, they live under the /etc directory: passwd, shadow and group.
1./etc/passwd
The /etc/passwd file stores the essential user information that is required during login. There are seven fields in total in this file, and by default each entry in the passwd file has the following format.
a)Username
b)Password
c)User ID(UID)
d)Group ID(GID)
e)Comment
f)Default Home Directory
g)Login Shell
Each field is separated by a colon(:)
Let me explain the fields one by one
Username: The name used when the user logs in to the server. The username must be between 1 and 32 characters long.
Password: An “x” character indicates that the encrypted password is stored in the /etc/shadow file.
User ID(UID): The UID number for the root user is “0”. UIDs 1-499 are reserved for the default system accounts; UIDs above 500 are used for the secondary user accounts that we create manually with the useradd command.
Group ID(GID): The group ID, which is stored in the /etc/group file.
Home Directory: The default home directory for non-root user logins. If this directory does not exist, the user's directory becomes /; login problems might occur if /home is not available at login.
Login Shell: The default shell to be used when the user logs in to the system.
Let me show you a screenshot of the /etc/passwd file and how the fields are separated,

Check the  file permission for /etc/passwd

#ls  -l /etc/passwd
As this file contains sensitive user information, the permission for other users is set to read-only so that users can't modify this file.
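The field layout and UID ranges described above can be checked mechanically. This is an added example, not part of the original article: the function name, the finding labels and the sample entries are constructed, and the boundary of 500 follows the ranges given above (pass another value as the first argument if your /etc/login.defs uses a different minimum).

```shell
#!/bin/sh
# Constructed /etc/passwd-style sample (not taken from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nirmal:x:1500:10:Site Admin:/home/nirmal:/bin/bash
jeya:x:501:501::/home/jeya:/bin/bash
toor:x:0:0:second uid 0:/root:/bin/bash
legacy::502:502::/home/legacy:/bin/sh
oldhash:$1$CONSTRUCTED$CONSTRUCTED:503:503::/home/oldhash:/bin/sh
broken:x:504:504:/home/broken'

# audit_passwd [FIRST_REGULAR_UID] < passwd-file
# Prints "name class finding" for every entry.
#   class:   root (UID 0), system (below the boundary), regular (at or above it)
#   finding: ok, or the first problem found in the entry
audit_passwd() {
    awk -F: -v min="${1:-500}" '
        NF != 7          { print $1, "malformed", "fields=" NF; next }
        $3 !~ /^[0-9]+$/ { print $1, "malformed", "uid=" $3;    next }
        {
            uid = $3 + 0
            class = (uid == 0) ? "root" : (uid < min + 0 ? "system" : "regular")
            finding = "ok"
            # Any extra account with UID 0 has full root privileges.
            if (uid == 0 && $1 != "root") finding = "uid0-not-root"
            # An empty second field means no password is needed at all.
            else if ($2 == "")            finding = "empty-password-field"
            # Anything other than "x" means the hash is kept in the
            # world-readable passwd file instead of /etc/shadow.
            else if ($2 != "x")           finding = "password-not-shadowed"
            print $1, class, finding
        }'
}

# Example run: show only the entries that need attention.
#   printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd | grep -v ' ok$'
# On a live system: audit_passwd < /etc/passwd
```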

2)/etc/shadow

This file holds the users' encrypted password information. Once you have created a password, it is encrypted and stored in this file along with your login name. Only the root user can read this file; other users cannot. Let us have a look at this file
#cat  /etc/shadow

1.Username: This is your login name
2.Password: Your encrypted password information. The $id identifies the algorithm used on GNU/Linux, as follows
a.$1$ is the MD5 algorithm
b.$2a$ is the Blowfish algorithm
c.$5$ is the SHA-256 algorithm
3.The last password changed: Days since the last password was changed.
4.Minimum: The number of days left before the user is allowed to change his password.
5.Maximum: The number of days the password is valid
6.Warning: The number of days before the password is set to expire that the user is warned to change his password.
Note: The last two fields separated by colons are mentioned below
7.Inactive: The number of days after the password expires that the account is disabled
8.Expire: Days since the account is disabled.
Note: A password field that starts with an exclamation mark (!) means that the password is locked; if it starts without ! the account is unlocked.
Let me show you this with one example…
When the account is in the locked state

From the above output, you can see the encrypted password starts with the ! mark, which indicates that the account is in the locked state
After the account is unlocked

From the above output, the encrypted password starts without the ! mark because the account has been unlocked.
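The password-field markers described above (the $id prefix, a leading ! for a locked account, and a bare !!) can be decoded by script to spot weak hashes and accounts without a usable password. This is an added example, not part of the original article: the function name, the state labels and the sample lines are constructed, and the $6$ (SHA-512) id is included although the list above does not mention it.

```shell
#!/bin/sh
# Constructed /etc/shadow-style sample; salts and hashes are placeholders.
SAMPLE_SHADOW='vasanth:$5$CONSTRUCTEDsalt$CONSTRUCTEDhash:17842:0:99999:7:::
hema:!!:17842:0:7:7:::
jeya:!!$5$CONSTRUCTEDsalt$CONSTRUCTEDhash:17842:6:10:12:::
olduser:$1$CONSTRUCTEDsalt$CONSTRUCTEDhash:17000:0:99999:7:::
guest::17842:0:99999:7:::
nirmal:$6$CONSTRUCTEDsalt$CONSTRUCTEDhash:17842:0:99999:7:::'

# shadow_state < shadow-file
# Prints one line per account:
#   name empty-field                   second field is empty (the state left by passwd -d)
#   name no-password-set               only lock markers, no hash behind them
#   name locked|active ALGORITHM max=N hash present; N is the maximum password age
shadow_state() {
    awk -F: '
        function alg(h,    parts, n) {
            n = split(h, parts, "[$]")       # "$5$salt$hash" -> "", "5", "salt", "hash"
            if (n < 3 || parts[1] != "") return "unknown-format"
            if (parts[2] == "1")  return "MD5"
            if (parts[2] == "2a") return "Blowfish"
            if (parts[2] == "5")  return "SHA-256"
            if (parts[2] == "6")  return "SHA-512"
            return "id=" parts[2]
        }
        {
            pw = $2
            locked = 0
            if (pw == "") { print $1, "empty-field"; next }
            if (pw ~ /^!/) { locked = 1; sub(/^!+/, "", pw) }   # strip the lock marker
            if (pw == "" || pw == "*") { print $1, "no-password-set"; next }
            print $1, (locked ? "locked" : "active"), alg(pw), "max=" $5
        }'
}

# shadow_findings < shadow-file
# Keep only the states worth a review: MD5 hashes and empty password fields.
shadow_findings() {
    shadow_state | awk '$3 == "MD5" || $2 == "empty-field"'
}

# Example run:
#   printf '%s\n' "$SAMPLE_SHADOW" | shadow_state
# On a live system (as root): shadow_state < /etc/shadow
```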

3./etc/group file

It holds the group information, such as which user belongs to which group. As in the files above, all the fields are separated by a colon(:)

1.Group name: The name of the group
2.Password: By default no password is used, hence the field is empty. If a password is set for the group, the encrypted password is stored here. If you need a group with privileged access, create a password for the group.
3.GroupID(GID): Every user must be assigned a group ID. When you check the /etc/passwd file you will find the group associated with each account.
4.Group List: The usernames of all members of the group, separated by commas.

To check the group information

#cat /etc/group

or

#less /etc/group

or

#more /etc/group

To find out the groups a user belongs to

#groups  <user name>
#groups  vasanth

Here the user Vasanth belongs to the system groups ntp and adm.

How to create a user account?

Creating a user on a Linux box is very easy; however, only the root user is allowed to perform this operation. You can add a user to a Linux box in two ways.
1)By editing the /etc/passwd file (i.e. manually adding all the fields such as UID, GID, LOGINNAME, COMMENT, SHELL)
2)By using the “useradd” command, which creates the account automatically as long as you give the correct details

Syntax: To create a user account by using the “useradd” command

#useradd    -u <uid>    -g <gid>    -d <home_directory>  -s <login_shell>   -c <comment>    <login_name>

Options:

-s —–> To define the user's login shell
-c —–> To leave a comment for a user account
Now let us add a user account by using this syntax
#useradd -u 1500  -g  10  -d  /home/nirmal  -s  /bin/bash  -c "Site Admin"  nirmal

After adding the account successfully, all the information will get automatically updated in the /etc/passwd file.
#cat /etc/passwd

From the above output, all the fields successfully updated in /etc/passwd file.

Now if you want to confirm to which group the user “hema” was added run the following command,

#id  <user name>

#id  hema

The group name for the ID 10 is “wheel”. If you have your own group you can also specify that with the useradd command; in this example I have used the default system group ID 10 (wheel).
Note: Sometimes the useradd command might fail under the following conditions

1.The UID you specify is already taken

2.The GID you mention does not exist

3.The comment contains special characters such as (!) and (/)

4.The shell you specify does not exist.

Method:2

Syntax:
#useradd   <user name>
In this method, the system uses the defaults to create the user account and update the same in /etc/passwd file,
#useradd  jeya

Now check the account details in /etc/passwd file

#cat /etc/passwd  |grep jeya

Note: The root UID and GID are always 0, and the default group for root is always 0.
Note: Check the second field, which shows an “x” character; this is the password field (“x” appears because we are using the process called password shadowing). I will explain password shadowing in our upcoming posts.
Note: In /etc/shadow, if you see exclamation marks (!!) in the password field, it indicates that no password is assigned to the user.

Since the user Vasanth has a password you will see the encrypted password line. Now check the other users, Hema and jeya: you can see the !! symbol, which says that neither user has a password.
As I said, useradd <username> uses the defaults to create the user account. If you would like to know which default values are assigned to a user when creating an account with the useradd command, here you go..
In Linux, there are two configuration files that hold the default values assigned to a user by the useradd command.
1)/etc/default/useradd file

#cat /etc/default/useradd

or
you can also use the following command to fetch the same details
#useradd -D

2)/etc/login.defs

This file contains values such as UID, GID, expiry information, the password encryption method and much more
#cat /etc/login.defs

You can also change the default values with the useradd command. Let me show you a couple of examples of how to change the default values of the useradd command

Change the default values of the useradd command

You can change the default values of the useradd command in two ways
1.Editing the /etc/default/useradd file manually
2.With the useradd command, by using some options

Now I am going to change the default home directory for all new users

#useradd -D

From the above output, all users will use /home as their default home directory. Now let us change this default home directory,
#useradd -D -b /var/users

Now check whether it is updated in the configuration file
#useradd -D

or

#useradd -D |grep HOME

The above output shows,  from now onwards all the new users will use /var/users as their default home directory

Change the default Login Shell

By default all users use /bin/bash as their login shell. Now I am going to change it from bash to the Bourne shell, i.e. sh
#useradd -D -s /bin/sh

#useradd -D

From the output we can see the default shell; from now onwards all new users will use sh as their login shell
Once you have created a user account, the next step is to set a password for the account. The passwd command is used to set the password for an account.

Ex:1 To set a password for an account

Syntax:
#passwd  <user name>

#cat /etc/shadow  |grep hema

From the above screenshot, you will not see an encrypted string in the password field, as the user does not have a password yet; the (!!) indicates that the account has not yet been given a password (i.e. no password)
#passwd hema

New password:******

After the password is created, it is stored in encrypted form in the /etc/shadow file
#cat /etc/shadow |grep hema

As you can see from the output, before you create a password for the account nothing is shown in the password field of /etc/shadow; you will see only !! (which indicates no password, NP). After assigning the password you can see the encrypted string in the password field.

Note: Even for a locked account it shows the same !! mark

Ex:2 To check the details or status of an account password

With passwd command you have to use the option -S to fetch the status of the account password,

Syntax:

#passwd  -S  <username>

-S --> To fetch the status of the user password

#passwd -S  hema

The result  will give you seven fields, each one with different status
1.The first field is USER LOGIN NAME
2.The second field says whether the account is in locked state(LK) or no password(NP)
3.The third field shows the date of the last password change
4.The Fourth field shows the Minimum age for the password
5.The fifth field shows the maximum age for the password
6.The sixth field shows the warning period for the password
7.The seventh field shows the inactivity period for the password.

Ex:3 To Lock a specified account

Syntax:

#passwd   -l   <username>

-l --> indicates to lock the account password

#cat /etc/shadow  |grep hema

Now lock the user account as below
#passwd -l  hema

Now check the shadow file for the changes,
#cat /etc/shadow  |grep hema

Ex:4  To Unlock the account

Syntax:
#passwd  -u  <username>
#passwd  -u hema

#cat /etc/shadow  |grep hema

From the output you can see that once the account has been brought back to the unlocked state, the !! mark before the $ sign is removed. So as an admin you should know the meaning of !!, NP, PS in the shadow file.
I will show you one small example of how the status is updated before and after the account is locked and unlocked

PS –> Account has a password and is in the active state
LK –> Account is locked

Ex:5 To set Minimum number of days Before the password change

The user can't change or modify his/her password until the minimum number of days has passed.
If I assign 6 days as the minimum password age for the user Vasanth, then Vasanth has to use the current password for at least 6 days and is not allowed to change the password within these 6 days.
Syntax:
#passwd  -n  <days>  <username>
#passwd  -n   6  vasanth

Now check the password status for the user Vasanth,
#passwd  -S vasanth

From the above output now the minimum days required to change the password is changed to 6 days

Ex:6  Set the Maximum number of days before the password change

This tells the user for how many days the current password can be used; within this maximum number of days the user must change his/her password. Once the maximum days are over, the account is automatically locked.
Syntax:
#passwd  -x <days> <username>
#passwd  -S hema

From the above screenshot, the maximum number of days allowed before the password change is 7 days for the user Hema. Let me modify this by using the following command
#passwd  -x 10 hema

Now check the status
#passwd  -S hema

Ex:7 How to Set warning days before the password expires

If you set the warning days for a user then he/she will receive an alert message to change the password 12 days before the account expiry date.
Syntax:
#passwd  -w  <warning days>  <username>
#passwd -w 12  hema

Now check the status whether it is updated on the password management file

Ex:8 How to DELETE the password for a user account?

You can do this in two ways: one is by editing the /etc/shadow file, i.e. removing the encrypted string for the user; the second, which is much easier, is to use the “passwd” command with the “-d” option to remove the password.
Syntax:
#passwd -d  <username>
Let me remove the password for the user hema. Remember to check the password status in the /etc/shadow file after removing the password
#passwd  -S hema

Now delete the password by using the following command
#passwd -d hema

#passwd -S hema

or

#cat  /etc/shadow  |grep hema

From the above screenshot, you will see that the password status has been updated in all the password management files.
In our next tutorial, I will explain how to control password management by using the “chage” utility.

Importance of “lsof” command in Linux

lsof stands for “List Of Open Files”. It is a powerful command for analyzing which files are opened by which process. This command really helps system administrators keep track of process usage. When you try to unmount a filesystem or device and it reports that the device is busy, it means its files are being used; with the help of the lsof command we can easily identify the files that are in use.

What do we get from the lsof output?

With lsof you can use options to get more detailed output about the files opened by processes. Below are the details you can get after executing the command

1.Process in the system

2.User

3.Network service

4.Regular file

5.Directory

6.Network file (NFS, Internet socket, Unix domain socket)

Note: By default this command comes pre-installed on Unix/Linux. If executing lsof shows the error lsof: command not found, the lsof command may not be in your PATH. Check the /bin and /sbin directories for this command; if it is not listed in these directories, you have to install it manually.

Now let us see some of the examples with the lsof command in detail,

Ex:1 To list all open files by all the process

#lsof

Without any option, this lists all open files and the processes that opened them.

From the above output, you can see the details of all open files. The FD column stands for file descriptor and shows values such as

cwd Current working directory

rtd Root directory

txt Program text code

mem Memory

FD column values such as 10u are a file descriptor number followed by one of the modes u, r, w

r means read access

w means write access

u means both read and write access.

TYPE – file types and identity

DIR – Directory

REG – Regular file

CHR – Character special file

FIFO – First In First Out
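The FD and TYPE values listed above can be decoded by script, for example to find out which processes hold regular files open for writing. This is an added example, not part of the original article: the function names and the sample listing are constructed, and the parser assumes the nine-column default layout (COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME).

```shell
#!/bin/sh
# Constructed sample of default `lsof` output (nine columns).
SAMPLE_LSOF='COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
tail     2101 vasanth  cwd    DIR    8,2     4096      2 /
tail     2101 vasanth  txt    REG    8,2    66816 131099 /usr/bin/tail
tail     2101 vasanth    3r   REG    8,2       18 262155 /hello.txt
rsyslogd  812    root    7w   REG    8,2    90112 262160 /var/log/messages
vim      2250  nirmal    4u   REG    8,2    12288 262161 /home/nirmal/.notes.swp'

# decode_fd VALUE
# Translate one FD column value into words.
decode_fd() {
    case "$1" in
        cwd) echo "current working directory" ;;
        rtd) echo "root directory" ;;
        txt) echo "program text (code)" ;;
        mem) echo "memory-mapped file" ;;
        [0-9]*)
            num=${1%%[!0-9]*}      # leading digits: the descriptor number
            rest=${1#"$num"}       # mode letter, optionally followed by a lock character
            case "$rest" in
                r*) mode="read" ;;
                w*) mode="write" ;;
                u*) mode="read+write" ;;
                *)  mode="unknown-mode" ;;
            esac
            echo "descriptor $num $mode" ;;
        *) echo "other ($1)" ;;
    esac
}

# open_for_write < lsof-output
# Print "PID COMMAND USER FD NAME" for every regular file that a process
# holds open with write (w) or read+write (u) access.
open_for_write() {
    awk 'NR > 1 && $5 == "REG" && $4 ~ /^[0-9]+[wu]/ {
        name = $9
        for (i = 10; i <= NF; i++) name = name " " $i   # names may contain spaces
        print $2, $1, $3, $4, name
    }'
}

# Example run:
#   decode_fd 10u
#   printf '%s\n' "$SAMPLE_LSOF" | open_for_write
# On a live system: lsof /var/log | open_for_write
```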

Ex:2 How to get the details of all processes that have opened a file?

#lsof   /hello.txt

In this example I have opened the file /hello.txt for live monitoring with tail -f /hello.txt, which keeps the file open. Now check with lsof to see which process is using the file /hello.txt

As you can see from the above output the file /hello.txt is opened by the process “tail”

Ex:3 How to list all opened files by a user?

By adding the -u option to lsof you can list the files opened by a user

#lsof  -u Vasanth


From the above output, you can see the files opened by the user Vasanth (marked with square red box)

You can also specify multiple users by separating the usernames with commas

#lsof -u anis,Nirmal,Marshall

Ex:4 To list all files opened by  a particular command

#lsof  -c  <command>

Let me keep a file open by using tail -f /cts, and after that run lsof to view the files opened by the tail command

#lsof -c  tail

From the output, you can see the files opened by the tail command: the data file under /home/Vasanth, the /cts file under the root directory, and more.

To list all files opened by more than one command, use the below syntax

#lsof -c firefox,top

Ex:5 To list files opened by a particular User and command?

Here you can also combine the options -u and -c together

#lsof  -u Vasanth  -c firefox

From the output, you can see the files opened by the user as well as the files opened by the command firefox.

Ex:6 How to list all open files by a process using the PID number

Just add the -p option to the lsof command to list the files opened by the process with that PID

First get the PID number of the running program by using top or ps command

#top

Once you have the PID, use it with the lsof command. Here I use the PID 18

#lsof -p  <PID>

From the above output, the PID has opened some files from the path / and /proc and also you can see the user who is running that program(here root), the command name and what type of files the PID is using and much more.

Ex:7  To list all network connection

#lsof  -i

Here -i means internet sockets (i.e. TCP and UDP sockets)

From the above screenshot, you can see the port status (listening or not listening), the protocol used, the node and many more details.

If you want to get the details of all open TCP socket connections

#lsof  -i tcp

Ex:8 How to get which process is using a port?

You can also use the netstat command for this

#lsof  -i:22

You can also use the service name instead of the port number

#lsof -i:ssh

I hope you have understood the need of using the lsof command in Unix/Linux Operating system.


How to Unmount a Busy Filesystem in Linux

In our previous tutorial I explained the concepts of mounting and unmounting filesystems. Now let us see how to unmount a busy filesystem. In Linux/Unix, if a device reports busy it won't let you bring the device to the inactive state. The filesystem reports busy (umount /dev/***: device is busy) when you try to unmount it, which can be due to various reasons,
1.When more users are accessing that filesystem.
2.Any media mounted on that mount point(CD/DVD/FLOPPY/USB).
So bringing those filesystems to the unmounted state without any data loss is a challenge for most system admins.
We have a utility called “fuser” that helps us unmount a busy filesystem without any data loss.

What is meant by fuser?

fuser helps us identify the processes that are currently accessing the filesystem, giving the owner name of the processes, the process ID number and much more. We can also apply options to get the brief details from the fuser output. Here are some of the important options we frequently use with the fuser utility.

Options:
k – Kill the process
c – Current Directory
e – Executable file being run
v – Verbose output
u – To get the username.
Let me show you how to unmount the busy filesystem with the help of “fuser” utility.
Syntax:

#fuser  <option>   <mount point directory path>

or

#fuser  <option>  <device name or filesystem>

Ex:1 Unmount the busy filesystem.

On my disk I have a filesystem /dev/sda2 mounted on the mount point directory /home. As we all know, /home is the default home directory for normal user logins. Let me first log in to the server as a normal user (nirmal); after that, as the root user, I will try to unmount the /home filesystem. Obviously it will give the output “Device is busy”, as all the initialization files run from this directory to create the user's login desktop.

Check the mounted filesystem details

#df -h

From the above output, the filesystem /dev/sda2 is mounted on the directory /home

Unmount the /dev/sda2 filesystem

You can use either the device name or the mount point directory to unmount

#umount  /dev/sda2

or

#umount /home


The above output says the device is busy since it is being accessed by some processes. Now check how many processes are currently occupying the filesystem.

Identify the processes occupying the current directory

#fuser -c  /home

From the above output, the numerical value indicates the “PROCESS ID” and the character “c” means the “Current Directory”. So currently two processes are running on the filesystem. Now let us kill the processes that are occupying the mount point directory by running the following command,

#fuser -ck   /dev/sda2

-k –> kill

Check whether the running processes were successfully killed,

#fuser -c /dev/sda2

From the above output it is confirmed that all the processes were killed by fuser. Now try to unmount the filesystem

#umount /dev/sda2

Now this time you will not see the device busy error

Now confirm /dev/sda2 is unmounted or not by running the following command

#df -h

From the above output, the filesystem /dev/sda2 successfully unmounted.
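Before killing anything with -k, it helps to turn the fuser output into a list of who holds the filesystem and why, so the owners can be told first. This is an added example, not part of the original article: the function name and the sample line are constructed, and the sample assumes the output of fuser -cu (PID, access letters, owner in parentheses).

```shell
#!/bin/sh
# Constructed sample of what `fuser -cu /home` shows on a terminal.
# fuser writes the PIDs to stdout and everything else to stderr, so capture
# both streams when piping: fuser -cu /home 2>&1 | fuser_holders
SAMPLE_FUSER='/home:                 2345c(nirmal)  2350c(nirmal)  2401ce(hema)'

# fuser_holders < fuser-output
# Prints "USER PID REASON" per process, sorted by user and then by PID.
# REASON decodes the access letters; a PID without letters is a plain open
# file, and USER is "?" when the -u option was not given.
fuser_holders() {
    sed 's/^[^:]*://' | tr -s ' \t' '\n\n' | awk '
        match($0, /^[0-9]+/) {
            pid  = substr($0, 1, RLENGTH)
            rest = substr($0, RLENGTH + 1)
            user = "?"
            if (match(rest, /\(.*\)$/)) {
                user = substr(rest, RSTART + 1, RLENGTH - 2)
                rest = substr(rest, 1, RSTART - 1)
            }
            why = ""
            if (index(rest, "c")) why = why "+cwd"
            if (index(rest, "e")) why = why "+executable"
            if (index(rest, "r")) why = why "+root-dir"
            if (index(rest, "m")) why = why "+mapped-file"
            if (why == "")        why = "+open-file"
            print user, pid, substr(why, 2)
        }' | sort -k1,1 -k2,2n
}

# Example run:
#   printf '%s\n' "$SAMPLE_FUSER" | fuser_holders
```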

Ex:2  Display all the Processes that are using the current Directory

#fuser   .

Here “.” indicates the current working directory

From the above output, we can see more processes are occupying the current directory.

Ex:3 Check with the -v verbose output

#fuser -v  .

The output now displays the owner name of the process, the PID and much more in separate columns.
Note: You can also use the -u option with the “fuser” command to get the owner list for all the processes that are occupying your current directory

#fuser -cu  /home

Ex:4 Display which Processes using the executable

In this example let me open Firefox on my server by using the command “firefox”, and after that let us check whether “fuser” identifies the executable file of this firefox program.

#firefox

Now, I will get the path for the executable program(firefox) by running the following command,

#ps  -aef  |grep firefox

From the output the first line shows the executable path for the Firefox, we will use this path with the fuser now,

#fuser  /usr/lib64/firefox-3.6/firefox

 The output shows the PID of the process and “e” indicates the file is an executable one.

Ex:5 Unmount the filesystem with the “-f” option

You can also unmount a busy filesystem forcefully with the -f option. But remember that running the following command may put your filesystem in a maintenance state, or data loss may occur, as it will forcefully kill the running processes. So before you test this on your production box, it is highly recommended to take a full backup of the particular filesystem, so that if any data loss occurs you can restore it later.
Note: Programs which access the files will get an error after the filesystem is unmounted with the -f option.

#umount -f /home


Understanding Mount and Unmount Concepts.

Mounting is attaching a filesystem to the directory structure in Unix and Unix-like operating systems. As we all know, a filesystem is used to organize the data on a system or on storage media like USB, CD-ROM, DVD. In flavors of the UNIX operating system, all directories fall below the / (i.e. root) directory.
If you want to access the data on a storage device or partition, you must let the operating system know where in the directory tree to mount the device. For example, if you want to access the files on a CD-ROM, the user should tell the OS to make the filesystem on the CD-ROM appear in some directory; by default the /media or /mnt directory exists for this purpose. So to access the data, the user must attach the partition to some mount point directory.

A mount point is simply a directory where the filesystem gets attached or mounted, so all directories are accessible through “/” only. Users can manually create a mount point directory at any location.
Mount: To make the filesystem visible to the users and the operating system
Unmount: To safely detach the filesystem from its mount point in the directory tree. Usually, when we need to shrink a filesystem or run the filesystem check (fsck) to test the integrity of the partition, it should be in the inactive state.
So in order to access the data on the partition, the user must attach the filesystem to some mount point directory. Let us see how to mount the partition on the mount point directory,
Before you start mounting, you should create a partition and format it with the preferred filesystem (i.e. ext3, ext4). All we have to do is create an empty directory and then attach the filesystem to this mount point directory.
Syntax: To mount a filesystem on a mount point directory
#mount  -t  <filesystem type>  <device to be mounted>    <mount point directory>

-t  –> To specify the filesystem type (without the -t option it takes the default filesystem).

Ex:1 To mount a filesystem


I have a  partition on one of my disks with the size 1GB (/dev/sda3), I am going to use this partition for mounting..
Create a new mount point directory
#mkdir   /mydata

#mount  -t  ext4   /dev/sda3     /mydata

After mounting, use the “df” command to check whether it is mounted properly on the mount point directory.
To check the details of the currently mounted filesystems, run the command below,
#df  -h

-h –> human-readable format (i.e. display the sizes in KB, MB, GB)

From the above output, we can see the details of all the currently mounted filesystems,
Let me explain the above output in detail (column-wise),
1.The mounted device
2.Total size of the partition
3.Used size of the partition
4.Available size
5.Used size in %
6.Where it is mounted (mount point directory).

Ex:2  How to unmount a mounted filesystem safely?


Unmounting is simply bringing the active filesystem into the inactive state. For this we use the command “umount” followed by the filesystem name, or you can use the mount point directory, to safely detach it from its mount point.
Syntax:
#umount    <Filesystem>

or

#umount  <mount point directory>
Always remember to check the following things before you decide to unmount a filesystem,
1.Whether the filesystem is in the active state (if it is, make it inactive)
2.How many users are accessing that partition (inform all the users about this activity)
3.Once you have done all this, you can use the umount command to detach the filesystem from its mount point directory.
Check the currently mounted filesystem details
#df -h

The above output shows /dev/sda2 is in mounted state, let us unmount this
To unmount
#umount  /dev/sda2

or

#umount  /mydata

To confirm that it was unmounted safely, run the “df” command once again
#df -h

From the above output, it is confirmed the partition /dev/sda2 is unmounted.

Ex:3 How to mount a CD-ROM manually 


As we all know, /dev is the directory which holds all the device files; the device files for the CD-ROM reside in the /dev directory.
For removable media, two mount point directories are available by default in Linux, /media and /mnt. The CD-ROM will be mounted on either /media or /mnt.
Now if you want to access the files on the CD-ROM, first insert the CD into the drive and mount the drive manually on the /media mount point directory. Make sure the /media or /mnt directory is available before you mount the drive; if the directory is not available, create a new one.
Syntax
#mount  -t  <filesystem type>  <device>  <mount point directory>
Before you mount the CD-ROM, we need to find the CD/DVD drives available. To do that we have the command “wodim”; with the --devices option it scans and outputs the device names found inside the /dev directory.
#wodim  --devices
Sample output: wodim:Overview of accessible drives

0 /dev="/dev/sr0"   rwrw-- :  CD/DVDW SH-5H9K
From the above output, the CD/DVD drive can be accessed at /dev/sr0. Now mount the CD-ROM
#mount  -t  iso9660    /dev/sr0   /media
Note: ISO9660 is the standard filesystem for all CD-ROMs, so here we tell the mount command to mount the iso9660 filesystem type on /dev/sr0 (the removable device)

The above output shows an error saying /dev/sr0 is write-protected, because you are trying to mount the CD-ROM with read and write access. Always remember that you have to mount CD/DVD devices with the ro permission only.
#mount -t  iso9660  -o  ro   /dev/sr0   /media

After mounting you can access  all the files from the CD-ROM from the mount point directory /media
Run the “df -h” command to  check the currently mounted filesystem information
#df -h

Now to access the files from the CDROM we need to change our path to the  /media directory and list  all the files
#cd  /media
#ls

The above output lists all the files on the CD-ROM.

To unmount the  Media


#umount  /media
#df -h

Follow the same steps if you want to manually mount DVD or floppy devices.

Importance of /etc/mtab file


Linux keeps track of mounted filesystems in two ways. The first is maintained by the kernel, which delivers the information to the user through the /proc/mounts file. The second is the file /etc/mtab (mount table); the “mount” command uses this file to retrieve and display all the information.
/etc/mtab is a sensitive file, because the kernel always tracks the mounted filesystems; editing this file by hand can lead to inconsistency and booting problems.
#cat  /proc/mounts

The above screenshot shows, the mounted filesystem details including  the mount point directory, filesystem type, flag information.
Let us see the output of /etc/mtab file
#cat  /etc/mtab

From the above output, each line has the following fields:
1.The first field shows the mounted device or filesystem
2.The second field shows where the device is mounted, i.e. the mount point directory
3.The filesystem type, i.e. an ext filesystem or a removable media filesystem type
4.Options for mounting, i.e. rw or ro
5.Dump command option, “0” means no check
6.Fsck check order (the filesystems are checked while booting), 0 means no check

Understanding “fstab” configuration file


This file is the most important one in Linux; it is located at /etc/fstab.
The system reads fstab to find the filesystems and mount them automatically the next time it boots.
fstab stands for filesystem table. If you need a filesystem to be mounted automatically at boot time, you must put the filesystem inside /etc/fstab. Usually, after we mount a filesystem on some mount point directory, it is available for the users to access the data. Now what happens when you restart or shut down the system? When you power on the next time, all the mounted filesystems are in the unmounted state by default, and to bring them back to the active state you have to mount, one by one, all the filesystems that went to the unmounted state.
Imagine a disk with 100 or more mounted partitions: it is really a headache for the system administrator to keep all of these in memory. To avoid these difficulties, it is safe to put all the important filesystems inside the /etc/fstab file so that they get mounted automatically the next time the system is powered on.
Let us have a look at the entries inside the fstab file. You can use the vi editor to edit this file; if you are not comfortable with the vi editor, you can use the gedit utility.

Description of fstab file


1.LABEL – List the device to be mounted

2.Mount Point- Notes the directory where the filesystem will be mounted

3.Filesystem format- Describe the filesystem type i.e ext2,ext3,ext4

4.Defaults- read-only or read-write, exec or noexec (exec allows binaries to be executed, noexec means they cannot be executed)

5.Dumpvalue- It means the data is automatically saved to disk by the dump command when you exit Linux

6.Filesystem check order(fsck check)- we use numeric values to check the filesystem, 0 means ignore, nonzero means check.

#vi  /etc/fstab

The inside view of the fstab file will look like this:

In the above output, some partition and device entries have already been saved by the kernel. If you are adding a new filesystem or device, you need to manually create a mount point directory and insert the entry into this file.
In the above output, /dev/sda2 is not listed inside the fstab file, so every time you power on the system you will have to manually mount the /dev/sda2 filesystem on its mount point directory to make it visible and accessible to the users and the system.
To make it mount automatically whenever you power on the system, add the /dev/sda2 details inside this fstab file.
I am going to show you how it looks before and after adding the filesystem information into the fstab file.

After login, run df -h to check the mounted filesystem details; /dev/sda2 will not have been mounted automatically.

Now put the /dev/sda2 details inside the fstab file and reboot the system. Once you have logged in, check once again with df -h; this time /dev/sda2 will be mounted automatically. Let me show you how to add the /dev/sda2 filesystem entry inside the fstab file.

I have successfully added the /dev/sda2 filesystem entry inside the fstab file. Use the Tab key to go to the next field; don’t use the spacebar to go to the next field, as doing so would create an error and may also cause a booting problem, because the kernel checks each and every line inside fstab during the booting process. Only if no error is found inside this file does it start processing further programs; even if you add a dot or any special character (which is not required) inside the file, the system will not boot.
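Since every line of /etc/fstab is read during boot, it helps to check an edited file before running reboot. The following shell function is an added example, not part of the original article: it checks an fstab-format file for the kinds of mistakes described above (a stray character, a missing field, a non-numeric dump or fsck value). The function name lint_fstab and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# lint_fstab FILE
# Prints one message per problem and returns 1 if any was found.
# Checks chosen for this example: 4 to 6 fields per entry, an absolute
# mount point (or none/swap), numeric dump and fsck-order fields, and
# no mount point directory listed twice.
lint_fstab() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
    NF < 4 || NF > 6 {
        printf "line %d: expected 4-6 fields, found %d\n", NR, NF
        bad = 1; next
    }
    {
        if ($2 !~ /^\// && $2 != "none" && $2 != "swap") {
            printf "line %d: mount point %s is not an absolute path\n", NR, $2
            bad = 1
        }
        if (NF >= 5 && $5 !~ /^[0-9]+$/) {
            printf "line %d: dump field %s is not a number\n", NR, $5
            bad = 1
        }
        if (NF == 6 && $6 !~ /^[0-9]+$/) {
            printf "line %d: fsck order %s is not a number\n", NR, $6
            bad = 1
        }
        if ($2 ~ /^\// && seen[$2]++) {
            printf "line %d: mount point %s is already used\n", NR, $2
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample (not a real system's fstab); \t is the Tab separator.
sample=$(mktemp)
printf '%b\n' \
    '# device  mount point  type  options  dump  fsck order' \
    '/dev/sda1\t/\text4\tdefaults\t1\t1' \
    '/dev/sda2\t/mydata\text4\tdefaults\t0\t2' \
    '/dev/sda3\tskype\text4\tro\t0\t2' \
    '/dev/sdb1\t/mydata\text4\tdefaults\t0\tx' \
    '.' > "$sample"
lint_fstab "$sample" || echo "fix the lines above before rebooting"
rm -f "$sample"
```

Run it as lint_fstab /etc/fstab before rebooting; on systems with a recent util-linux, findmnt --verify performs a fuller check of the same file.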
Now restart the system for the changes to take effect,
#reboot

Now check whether /dev/sda2 is automatically mounted
#df -h

As you can see from the above output, /dev/sda2 is mounted automatically, since we have added the filesystem details inside the /etc/fstab file.

To display all the mount details


After mounting a partition on some mount point directory, you can use either the “mount” command or “df -h” to display all the details.
Run the mount command without any option
#mount

To mount all the filesystem mentioned in the /etc/fstab file


The filesystems mentioned in the /etc/fstab file are mounted automatically while booting. After booting, we sometimes unmount some of the filesystems listed inside /etc/fstab for some purpose.
Now, if you want to mount only the filesystems that are listed inside the /etc/fstab file, run the “mount” command with the option -a; this will mount only the filesystems that are listed inside the fstab file.
#mount  -a

To unmount  only the filesystem listed in fstab


#umount -a
Note: This command is not recommended on a production server, as it would bring the server to a down state after execution.

From the above screenshot, it is confirmed that all the filesystems mentioned inside fstab are unmounted except “/”, because you cannot bring / to the unmounted state; bringing / to the unmounted state is like trying to format the C:/ drive in Windows. That is why you get an error message stating that the “/” device is busy.

How to remount a filesystem


You can remount a mounted filesystem by using the “remount” option of the mount command. Usually administrators use it only when they need to change the filesystem status from read-only back to read-write permission.
Let me show you one example: I have a partition /dev/sda3 that is mounted read-only on the mount point directory /skype, and now I need to mount the filesystem /dev/sda3 with read and write permission.

 

Check the mounted  status of the /dev/sda3 filesystem by using the following command
#mount |grep /skype

Now remount the filesystem with read and write access
#mount  -o  remount,rw   /skype

#mount   |grep   /skype

The above output shows that the filesystem /dev/sda3 is now mounted with read-write access.

How to attach the mount point to a new directory


It is possible to bind a mount point to another directory; by doing so, the users can access the data from both mount point directories at the same time. With the mount command, add the --bind option followed by the old mount point and the new mount point.
Syntax:
#mount  --bind   <old mount point directory>   <new mount point directory>
#df  -h

Now bind the mount point to another directory
#mount  --bind   /skype   /whatsapp

Now check whether the filesystem can be accessed via the two mount point directories
#mount  |grep  /skype

The above output shows that both mount points are merged properly. Now, if you make any modification in either of the mount points, it will be updated on the other mount point as well.
Let me show you this with one example. I am going to create some directories inside /skype; after creating them, check the other mount point directory (/whatsapp) and you will see the newly created directories there.
#cd  /skype
#ls
#mkdir  dir1 dir2
#ls

#cd  /whatsapp
#ls

I hope you have now understood the mounting and unmounting concepts 😊😊…


How to delete the Partition in RHEL

 Delete the partition:


In our previous tutorials, we have seen the concepts of Linux disk management and creating partitions, and the MBR and GPT partition schemes. Now we are going to learn how to delete a partition permanently.

For whatever task we do in Linux, there is a procedure available that we must follow in order to avoid critical errors.

Procedures to delete the partition:


1.Check the hard disk  partition details

2.Check whether the filesystem is in the active state or the inactive state (i.e. mounted state or unmounted state)

3.Unmount the mounted filesystem.

4.Verify whether it is unmounted properly

5.Use the “fdisk” command to delete the partition

6.Save the changes and confirm it by using the fdisk command

Step:1 Check the hard disk partition details


#fdisk  -l

From the above screenshot, the disk /dev/sdb has two partitions; here we will select the second partition (/dev/sdb2) to delete.

Step:2 Check whether the filesystem is in the mounted state or the unmounted state


#df  -h

The above screenshot shows that the partition /dev/sdb2 is in the mounted state, so now we have to bring it into the unmounted state (i.e. inactive)

Step:3 Unmount the mounted filesystem


Syntax: To unmount a filesystem

#umount   <filesystem>

or

#umount  <mount point directory>

#umount   /dev/sdb2

or you can use the mount point directory to unmount (I have displayed both the ways to unmount, you can either use the mount point directory or use the filesystem name)

Step:4 Verify whether it is unmounted properly


#df  -h

From the above output, we have confirmed that the /dev/sdb2 partition is in the inactive state

Step:5 Delete the partition using the fdisk command


#fdisk   /dev/sdb

From the above screenshot, we have successfully deleted the partition /dev/sdb2

Step:6 Confirm it by using the “fdisk” command


#fdisk  -l

Now the partition /dev/sdb2 has been successfully removed from the hard disk

Note: If you forget to save the partition changes by pressing “w”, the changes won’t be saved to the kernel memory, and when you run “fdisk -l” you will see only the previous partition layout information. So always make sure you have saved the partition table changes to the kernel memory by pressing “w” before you exit from the fdisk program.
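Steps 2 to 4 above, and the unmount checks in Ex:2, rely on reading df -h by eye. The following shell functions are an added example, not part of the original article: they read the /proc/mounts format and list every directory a device is still mounted on, which includes a second mount point created with mount --bind. The names mounts_of and ready_to_delete and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# mounts_of DEVICE [MOUNTS_FILE]
# Prints "<mount point> (<type>, <options>)" for every directory where
# DEVICE is mounted and returns 1 if it is mounted nowhere.
# MOUNTS_FILE defaults to /proc/mounts; the fields are device, mount
# point, filesystem type, options, dump and fsck order.
mounts_of() {
    awk -v dev="$1" '
    $1 == dev {
        mp = $2
        gsub(/\\040/, " ", mp)    # a space in a path is written as \040
        printf "%s (%s, %s)\n", mp, $3, $4
        found = 1
    }
    END { exit !found }
    ' "${2:-/proc/mounts}"
}

# ready_to_delete DEVICE [MOUNTS_FILE]
# Succeeds only when DEVICE is no longer mounted on any directory.
ready_to_delete() {
    if where=$(mounts_of "$@"); then
        echo "$1 is still mounted on:"
        printf '%s\n' "$where" | sed 's/^/  /'
        return 1
    fi
    echo "$1 is not mounted"
}

# Constructed sample in /proc/mounts format (not output from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /skype ext4 rw,relatime 0 0
/dev/sda3 /whatsapp ext4 rw,relatime 0 0
/dev/sdb2 /my\040data ext4 rw,relatime 0 0
EOF
ready_to_delete /dev/sda3 "$sample" || echo "unmount every directory listed first"
ready_to_delete /dev/sdb1 "$sample"
rm -f "$sample"
```

fuser -vm <mount point directory> shows which processes and users are still using a mounted filesystem.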

I hope you have now understood the Linux disk management concepts… If you have any queries, feel free to leave a comment.

 
