RHCE

RHCE ~

Red Hat Certified Engineer

Red Hat Administration II Book Author :

Momen Hany

Copyright May 2012 ,

2012 Engineer Momen Hany Mohamed
 RHCE

F
N P
L

Welcome in

RH 135 - Red Hat Administration II

Copyright May 2012 ,

Engineer Momen Hany Mohamed
 RHCE

Contents F
N P
L
Copyright
Unit1:Introducation
Unit2:Startup and Shutdown
Unit3:System Administration Tools
Unit4:Packaging Tools
Unit5:File System
Unit6:Rescue Mode RH 135 - Red Hat Administration II
Unit7:Partitioning and Disk Management
Unit8:Kernel
Unit9:Memory Management
Unit10:Sheduling
Unit11:Backup and Restore
Unit12:User Administration
Unit13:User Level Security
Unit14:Special Permission

By Eng Momen Hany Copyright May 2012 ,

Engineer Momen Hany Mohamed
 Copyright
F
The contents of this book are copyright May 2012 , N P
Engineer Momen Hany Mohamed. L
Does not allow the amendment in this book , A free copy
of any one.
The Instructors also have the right to be assisted
in this book in their own explanations and labs.
Been used to create this book with Eng.M-Hany
Experience , IBM, red hat and general books.

Contact book owner : -

Mobil: (Egypt) +2 011 437 395 45
Email: IT.momenhany@hotmail.com
http://www.facebook.com/MomenHanyFP

By Eng Momen Hany Copyright May 2012 ,

Engineer Momen Hany Mohamed
 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit1:
Introduction

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o RHCSA Overview

o RHCE Certified Engineer Overview

o Book Overview

o Copyright

o Course Requirements

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

RHCSA Overview
http://www.redhat.com/training/certifications/rhcsa/

RHCE Overview
http://www.redhat.com/training/certifications/rhce/

Book Overview

Copyright

Course Requirements

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
Red Hat Certified System Administrator RHCSA L
An RHCSA certification is earned when an IT professional demonstrates the core system administration
skills required in Red Hat Enterprise Linux environments.
Prerequisites
The RHCSA is Red Hat's core system administration certification and represents the common core of skills
every Red Hat Enterprise Linux system administrator should have. An IT professional that has earned an
RHCSA certification has demonstrated skills in areas of system administration common across a wide range
of environments and deployment scenarios.

An RHCSA is able to perform the following tasks:

Understand and use essential tools for handling files, directories, command-line environments, and
documentation.
Operate running systems, including booting into different run levels, identifying processes, starting and
stopping virtual machines, and controlling services.
Configure local storage using partitions and logical volumes.
Create and configure file systems and file system attributes, such as permissions, encryption, access
control lists, and network file systems.
Deploy, configure, and maintain systems, including software installation, update, and core services.
Manage users and groups, including use of a centralized directory for authentication.
Manage security, including basic firewall and SELinux configuration.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit2:
Startup and Shutdown

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o Describe the Linux startup flow

o Boot Linux in single-user mode

o Configure auto starting services

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Linux Startup Flow N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Linux Startup Flow N P
L

Basic Input Output System

Checks memory and hardware (POST)

Loads options from nonvolatile memory

Memory timings
Order of boot devices
Checks for boot devices
Floppy disks
CD-ROM
Hard disks
Loads Master Boot Record of boot device and executes it

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Linux Startup Flow N P
L

Size: 512 bytes (first sector of hd)

Addressed by BIOS
Content:
446 bytes program code (to boot an
operating system)
64 bytes partition table with max. 4
entries
2 bytes "magic number"

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Linux Startup Flow N P
L

Boot Loader

GRUB LILO
Grand Unified Boot loader Linux Loader

LILO has no interactive command interface, whereas GRUB does.

LILO does not support booting from a network, whereas GRUB does.
LILO does not support Boot Encryption.
GRUP support MD5 Encryption.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Linux Startup Flow N P
L

Access Grub configuration File

# vi /boot/grub/grub.conf

Default=0 System number 0

Timeout=5 Wait for auto boot to default option
Splashimage=(hd0,0)/grub/splash.xpm.gz Sys logo
Title CentOS (2.6.18-92.el5) System name
root (hd0,0)
kernel /vmlinuz-2.6.18-92.el5 ro root=LABEL=/ rhgb
quiet
initrd /initrd-2.6.18-92.el5.img

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Linux Startup Flow N P
L
init
init is started by the kernel after the root fs is mounted
init reads configuration file /etc/inittab
Decides on default runlevel if no runlevel is given
Runlevels have different meaning:
0: halt
1: single user mode
2: multiuser without NFS
3: full multiuser mode
4: unused
5: multiuser with graphical login
6: reboot
init will start all programs for that runlevel

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Boot Linux in single-user mode N P
L

init
Lab :
# init 0 shutdown system
# init 5 go to GUI
# init 3 Multi Mode
# init 6 reboot system

Login by 1 mode level

Restart System edit in boot level (1)

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Boot Linux in single-user mode N P
L

init
# vi /etc/inittab

Id:5 Start level mode number

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Managing Services N
F
P
L

# ls l /etc/rc.d/rc3.d

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Managing Services N
F
P
L

Configuring Services per Runlevel

# chkconfig --list
# chkconfig atd on
# chkconfig --level 35 atd on
# chkconfig --level 35 atd off
# chkconfig --list atd
# chkconfig --level 12356 atd reset
# chkconfig --level 12356 atd | grep :on
# chkconfig --level 12356 atd | grep :off
# chkconfig --del atd
# chkconfig --add atd

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Managing Services N
F
P
L
Starting and Stopping Services Manually
# service atd restart
Stopping atd: [ OK ]
Starting atd: [ OK ]

# service atd stop

# service atd start
# service atd status
Or

# /etc/init.d/servicename (start,stop,restart,status)

# service --status-all

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit3:
System Administration Tools

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o List the order of login scripts

o Discuss System Management tools

o Install and uninstall additional software

o Configure a printer

o Configure a Network and sound card

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 List the order of login scripts N
F
P
L

Customizing User Environment

Bash Initialization
/etc/profile Contain system administrator processes
$ HOME/.bash_profile Contain User processes
$ HOME/.bash_login Contain Login User Configuration
$ HOME/.profile
$ HOME/.bash_logout Contain Logout User Configuration
$ HOME/.bash_history Save all Command history.
$ HOME/.bashrc Contain Alias Command

# cat .bash_history

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Discuss System Management tools N
F
P
L

List setup command (TUI Tool)

# setup

List system-config-<tab> command (GUI Tool)

# system-config-<press tab>

GUI System \ Administration

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Install and uninstall additional software N
F
P
L

Adding/Removing Software Using RPM

Use rpm to install or upgrade software packages

Common options:
-i : installing new packages
-U : upgrading existing packages
-e : removing packages
RPM
-h : Shows a progress bar
Red hat Package Management
$ rpm -ihv momenpro.i386.rpm
momenpro ###############....
$ rpm -Uhv momenpro.i386.rpm
momenpro ###############.....
$ rpm -e momenpro

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Install and uninstall additional software N
F
P
L
You can Donwload any RPM pachage using Linux Tools such as , wget :

# wget <download link>

#wget http://www.download.org/rpmpackages/webmin.rpm

30% Webmin.rpm ###############.... 70kbp/s Total Size 16MB

Use rpm Command

# rpm i packagename
# rpm ivh packagename install package with show information and progress
# rpm Uvh Packagename upgradeing with show info and progress
# rpm q packagename Quarry about packagename

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Install and uninstall additional software N
F
P
L

Install tar package and compressed file:

# tar zxf packagename.tar.gz
( z ) for gzip
( x ) for tar package extension
( f ) for file

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 X N
F
P
L

Install and access webmin

To access webmin interface
http://localhost.localdomain:10000

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Configure a printer N
F
P
L

To access Printer Manager Console

http://localhost:631

Add New Printer ?

Add New Class ?
Manage Permission ?
.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Configure a Network and N
F
P
Sound card L

Configure Network Card :

# ifconfig for show ethernet configuration in tur
# neat for show ethernet configuration in GUI
# ifconfig eth0 select and edite in eth0
# system-config-network -()()()()()()-

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Configure a Network and N
F
P
Sound card L

Configure Sound card :

# system-config-soundcard

-GUI System\ Administration \Sound card detection

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit4:
Packaging Tools

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o Installing Package

o Describe the RPM build process

o Using wget tool

o Using YUM

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Install and uninstall additional software N
F
P
L

Adding/Removing Software Using RPM

Use rpm to install or upgrade software packages

Common options:
-i : installing new packages
-U : upgrading existing packages
-e : removing packages
RPM
-h : Shows a progress bar
Red hat Package Management
$ rpm -ihv momenpro.i386.rpm
momenpro ###############....
$ rpm -Uhv momenpro.i386.rpm
momenpro ###############.....
$ rpm -e momenpro

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Install and uninstall additional software N
F
P
L

Install tar package and compressed file:

# tar zxf packagename.tar.gz
( z ) for gzip
( x ) for tar package extension
( f ) for file
Find Install ways in either files

Install
README

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Describe the RPM build process N
F
P
L

# rpmbuild -ba /usr/src/redhat/SPECS/hello.spec

# rpmbuild -bb /usr/src/redhat/SPECS/hello.src

... tons of messages ...

Wrote /usr/src/redhat/RPMS/i386/hello-1.2-1.i386.rpm *.SPEC
Wrote /usr/src/redhat/SRPMS/hello.1.2-1.src.rpm *.BIN

rpm -bp Will only execute the %prep stage

rpm -bc Will execute %prep and %build
rpm -bi Will execute %prep, %build and %install
rpm -bb Will execute %prep, %build, %install and create a binary RPM
rpm -bs Will create a source RPM
rpm -ba Will create a binary and source RPM

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Wget N
F
P
L
You can Donwload any RPM pachage using Linux Tools such as , wget :

# wget <download link>

#wget http://www.download.org/rpmpackages/webmin.rpm

30% Webmin.rpm ###############.... 70kbp/s Total Size 16MB

Use rpm Command

# rpm i packagename
# rpm ivh packagename install package with show information and progress
# rpm Uvh Packagename upgradeing with show info and progress
# rpm q packagename Quarry about packagename

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Using YUM N
F
P
L

Yum is powerful command-line tool that can be used to more

flexibly manage (install,update,remove,and query) software
packages.

You can configure YUM to get packages from third-party

package repositories over the network.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Using YUM N
F
P
L

To update system. Update of the system with all the dependencies that are necessary:
# yum update

Searches. To make a search of some package or term in the data base in some of the
formed deposits yum in the system:
# yum search any-package

Installation of packages. Installation with automatic resolution of dependencies:

# yum install any-package

Uninstalling packages. packages along with everything what it depends

on these:
# yum remove any-package

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Using YUM N
F
P
L
Listing Packages. The following thing will list all the packages available in the YUM data
base:
# yum list|less

The following thing will list all the packages installed in the system:
# yum list installed|less

The following thing will list all the packages installed in the system and that can (they
must) be updated:
# yum list updates|less

The following thing will list information about specific package:

# yum info any-package

The following thing will Search about specific package:

# yum search any-package

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Using YUM N
F
P
L
Install Package group:
# yum groupinstall GNOME Desktop Environment

YUM File in System

# cat /etc/yum.repos.d/rhel-source.repo
# cat /etc/yum.repos.d/centos-base.repo

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit5:
File System

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o File System Types

o H.D Blocks

o File system Features

o Creating a File system

o Mounting a File system

o Using Quota

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 File System Types N
F
P
L

Ext2
Ext3
Ext4

Place to store files and refer to them

Hierarchical structure through use of directories
A file system can be stored on any block device
Floppy disk
Hard disk
Partition
RAID, LVM volume
RAM disk

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 H.D Blocks N
F
P
L

Partition divided into blocks of 1024, 2048 or 4096 bytes

- Blocksize depends on size of fs and expected usage

Blocks can have different usage:

Super I node
Block Block

Data
Block

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 H.D Blocks N
F
P
L

First block of filesystem, several copies (at 8193,

16385, ...)
Contains general info on filesystem
Last mounted time/place
Block size
Pointers to free inodes
Pointers to free blocks
Pointer to root of filesystem

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 H.D Blocks N
F
P
L

128 bytes (8 per block of 1024 bytes)

Contains information about a file: owner,
group, type, size, permissions, ctime,atime, mtime, ...
Contains pointers to data blocks
Contains pointers to an indirect block, a
double indirect block and a triple indirect
block

# ls i

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 H.D Blocks N
F
P
L

Contain file data.

File may be a directory, in which case the data is the list of
file
names and inodes in that directory.
So multiple file names may point to the same inode! (Or files
may
have multiple names)

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 File system Features N
F
P
L
Filesystems can have other features that can be useful:
Access Control Lists (ACL)
Allow more extended permissions, not just rwxrwxrwx
Not yet supported by VFS abstraction layer
Journaling
Keeps a journal of operations that are going to take place, and
operations that were successfully committed
Should make recovery from a crash faster
Slight performance decrease
Extended file attributes
Examples: immutable, auto compression, undeletable
Labels
Allow mounting based on label instead of device name

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Creating a File system N
F
P
L
(1) Using fdisk command to create new partitions:

# fdisk /dev/sda

m for help

(2) Creating a filesystem is done with an mkfs variant

mke2fs, mke2fs -j
mkreiserfs
mkjfs
Typical options:
-b blocksize sets blocksize
-i bytes-per-inode sets number of inodes
-c checks disk for bad blocks
-j create journal file

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Creating a File system N
F
P
L

# mkfs t ext4 /dev/sdb8 Formatting Partition

# mke2fs -j -b 1024 -i 4096 -c /dev/sdb8

# mkfs.ext3 -j /dev/sdb8

# mkswap /dev/sdb8 Make partition swap

# mke2fs -b 1025 /dev/sdb8 Change block to 1025

# mke2fs -i 1656 /dev/sdb8 Change I node to 1656

# tune2fs -l /dev/sdb8 update file system to latest version on system

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Mounting a File system N
F
P
L

Temporary :

1- Create empty directory

# mkdir /mnt/mydata

2- Mount partition

# mount /dev/sdb7 /mnt/mydata

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Mounting a File system N
F
P
L

Permit:

1- Set a new row in /etc/fstab

# vi /etc/fstab

:wq

Show mounted point

# df -h
# mount -l

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Using Quota N
F
P
L
1- Set a new row in /etc/fstab

# vi /etc/fstab

:wq

2- Remount partition

# mount -o remount /mnt/mydata

3- Create quota file db

# touch /mnt/mydata/quota.user
# touch /mnt/mydata/quota.group

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Using Quota N
F
P
L
4- Check disk quota
# quotacheck -cug /mnt/mydata

5- Set quota
user
# edquota -u username

6- Show quota applied

# repquota a
# quotaon /mnt/mydata
# quotaoff /mnt/mydata
Or

# setquota -u username 200 250 15 20

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit6:
Rescue Mode

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o What is The Rescue Mode

o Booting Rescue Mode

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 What Is Rescue Mode ?? N
F
P
L

Rescue mode is a term used to describe a method

of booting a small Linux environment completely
from diskettes.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Booting Rescue Mode N
F
P
L

To boot your system in rescue mode, boot off of a Red Hat Linux boot disk
or Red Hat Linux CD-ROM , and enter the following command at the
installation boot prompt:

Boot : Linux rescue

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit7:
Partitioning and Disk Management

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o LVM

o RAID Level

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 LVM N
F
P
L
Logical Volume Management
Traditional disk partitioning scheme has several disadvantages:
Virtually impossible to resize or move a partition
Partition size is limited by disk size

Logical Volume Management solves these disadvantages:

One or more Physical Volumes (hard disks, partitions) are assigned to a
Volume Group (VG).
All Physical Volumes (PV) are split into Physical Extents (PE) of identical
size (default 4 MB).
PE's in a VG can be combined into Logical Volumes (LV), which can be
used like any block device.

An LV can span multiple disks

To increase the size of an LV, add PEs
To increase the size of a VG, add PVs

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 LVM N
F
P
L

Volume Group
Physical Volume Physical Volume
(VG)
(PV) (PV)

sda sdb
Logical Volume
PE PE PE PE
(LV)

PE PE PE PE

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 LVM N
F
P
L

1- Create Partitions on either 1 Disk or Separated Disks

# disk /dev/sd**

2- Create journal file on each partition

# mke2s -j /dev/sd**

3- Create Physical Volume or each partition

# pvcreate /dev/sd**

4- Create Volume Group

# vgcreate <vgname> /dev/sdb1 /dev/sdc1 /dev/sbb5

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 LVM N
F
P
L

5- Create Logical Volume

# lvcreate -L 1024m -n <lvname> <vgname> Display LVM

# pvdisplay
6- Create Journaling File # vgdisplay
# lvdisplay
# mkfs -j /dev/vgname/lvname

7- Mount lv under any empty directory such as /mnt/lv1

# mount /dev/vgname/lvname /mnt/lv1

Or Set mount point in /etc/fstab

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 LVM N
F
P
L

Manage VG & LV after installation :-

If any pv have failure in your VG , you must first add new pv

and transfer all data to new pv and remove failure pv.

1-Create a new partition .

2-Create journal file to partition using mke2s -j .
3-Create PV
# pvcreate /dev/sdb7

4-Extend PV to you VG
# vgextend <vgname> /dev/sdb7

5-Resize LV After add PV

# lvextend -L +100M /dev/vgname/lvname

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 LVM N
F
P
L

6-Move all data from failure pv to new pv

# pvmove /dev/sdb5 /dev/sdb7

7-Remove /dev/sdb5 that have a failure

# vgreduce <vgname> /dev/sdb5

8-Resize LV after remove /dev/sdb5 that have a failure

# lvreduce -L -100M /dev/vgname/lvname

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RAID Linear N
F
P
L

Spanned

sda sdb

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RAID 0 N
F
P
L

Random Read Performance: Very good; Striped

better if using larger stripe sizes if the
controller supports independent reads to sda sdb
different disks in the array.

Random Write Performance: Very good;

again, best if using a larger stripe size and a
controller supporting independent writes.

Sequential Read Performance: Very good to

excellent.

Sequential Write Performance: Very good.

Cost: Lowest of all RAID levels.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RAID 1 N
F
P
L
Storage Efficiency: 50% if drives of the same size are
Mirror
used, otherwise (Size of Smaller Drive / (Size of
Smaller Drive + Size of Larger Drive)
sda sdb

Fault Tolerance: Very good; duplexing even better. =

Availability: Very good. Most RAID controllers, even
low-end ones, will support hot sparing and automatic
rebuilding of RAID 1 arrays.

Random Read Performance: Good. Better than a

single drive but worse than many other RAID levels.

Random Write Performance: Good. Worse than a

single drive, but better than many other RAID levels.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RAID 3 N
F
P
L
Hard Disk Requirements: Minimum of three standard hard disks;
maximum set by controller. Should be of identical size and type RAID 3

Fault Tolerance: Good. Can tolerate loss of one drive, none sda sdb sdc
parity. P 1 1
2 2 2
Random Read Performance: Very good to excellent. 3 3 3

Random Write Performance: Only fair, due to parity overhead.

Sequential Read Performance: Good to very good; generally

better for smaller stripe sizes.

Sequential Write Performance: Fair to good.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RAID 5 N
F
P
L
Hard Disk Requirements: Minimum of three standard hard disks;
maximum set by controller. Should be of identical size and type RAID 5

sda sdb sdc

Fault Tolerance: Good. Can tolerate loss of one drive.
P 1 1
Random Read Performance: Very good to excellent. 2 P 2
3 3 P
Random Write Performance: Only fair, due to parity overhead.

Sequential Read Performance: Good to very good; generally

better for smaller stripe sizes.

Sequential Write Performance: Fair to good.

Recommended Uses: RAID 5

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RAID 6 N
F
P
L
Hard Disk Requirements: Minimum of four
hard disks; maximum set by controller. RAID 6
Should be of identical size and type.
sda sdb sdc sdd
Fault Tolerance: Very good to excellent. P 1 1 P
2 P 2 2
Availability: Excellent. 3 3 P 3

Random Read Performance: Very good to excellent; generally better for

larger stripe sizes.
Random Write Performance: Poor, due to dual parity overhead and
complexity.
Sequential Read Performance: Good to very good; generally better for
smaller stripe sizes.
Sequential Write Performance: Fair.
Cost: High.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RAID 10 or 01 N
F
P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RAID N
F
P
L

Implementing RAID :-

1-Create Multiple Partition

2-Collect Partitions to create RAID[0-10].
3-Format {md*}.
4-Mount {md*}.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RAID N
F
P
L

Lab:

1-Create RAID With Installation.

2-Create RAID Using Disk Management.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RAID N
F
P
L
Create Multiple Partitions

# fdisk /dev/sdb
# m for help menu

Collect Partitions to create RAID[0-10]

# mdadm --create /dev/md0 --level=0 --raid-devices=2 /dev/sdb5

/dev/sdc6
Format {md*}

# mke2fs -t ext4 -j /dev/md0

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RAID N
F
P
L

Mount {md*}

# mkdir /mnt/raid0

# mount /dev/md0 /mnt/raid0

Test

# mount

# df -h

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit8:
Kernel

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o Kernel Concept

o Kernel Modules

o kernel Compilation

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Kernel N P
L

kernel is the central core of operating system.

it does not interact with user , rather it interact with shell as well as with
hardware devices.

http://www.kernel.org/

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Kernel N P
L
Kind of Kernel

Symmetric Kernel (K86) Kernel-Xen

Multiprocessing
(SMP)
Support in (X86): Support in (X86):
Support in (X86): 32Processor 32Processor
32Processor 4GB RAM 16GB RAM
16GB RAM
Support in (X64):
Support in (X64): Support in (X64): 128Processor
64Processor 64Processor 512GB RAM
512GB RAM 64GB RAM Virtualization

# uname -a Show Kernel Version

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Kernel Modules N P
L

Modules are pieces of code that can be loaded and unloaded into the kernel upon demand.
They extend the functionality of the kernel without the need to reboot the system. For
example, one type of module is the device driver, which allows the kernel to access hardware
connected to the system.

# lsmod Show Kernel Modules

# lsmod usb_storage
# modprobe usb_storage insert Module
# insmod usb_storage insert Module
# modprobe -r usb_storage Remove Module
# rmmod usb_storage Remove Module

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Kernel Modules N P
L
Kernel
Modules

Dynamic Static
Modules Modules

-Initial RAM Disk -Hard Disk Device

-USB Storage

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
kernel Compilation N P
L
Installing Kernel Source

From SLES distribution: use rpm to install the kernel sources package
# rpm -ivh kernel-source-version.rpm

From Internet: Download linux-version.tar.gz or linux-version.tar.bz2 and unpack

in /usr/src
# cd /usr/src
# tar -zxvf /root/linux-version.tar.gz
# tar -jxvf /root/linux-version.tar.bz2

After installation, clean the tree really well to remove all

configurations changes made by the distribution builder
# cd /usr/src/linux-version
# make mrproper
# make oldconfig

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
kernel Compilation N P
L
Configuring the Kernel Compile

Configure all kernel compilation options Configuration stored in .config file

Editing .config is hard...

Use the make utility instead:

# make config (command line)
# make menuconfig (ncurses based - much easier)
# make xconfig (QT-based GUI)

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
kernel Compilation N P
L
Compiling the Kernel Most important targets:

# make clean
Cleans up old .o, .a files, and so forth
# make dep
Checks dependencies
# make bzImage
Compiles kernel
May take 5-60 minutes
Creates kernel image (bzImage) in
/usr/src/linux-<VERSION>/arch/<CPUTYPE>/boot
# make modules
Compiles modules
May take 2-60 minutes
Can be combined:
# make clean dep bzImage modules

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
kernel Compilation N P
L
Copy kernel image to /boot
cp arch/i386/boot/bzImage /boot/vmlinuz-version

All kernel path to grub file to show when boot

/boot/grub/grub.conf

Reboot System
# init 6

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit9:
Memory Management

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o Describe Memory Management

o Create a paging Space Partition

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Describe Memory Management N
F
P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Create a paging Space Partition N
F
P
L
We need an empty partition/LV/RAID volume or a regular file (not
recommended, poor performance)
-Partition type 82 (Linux swap)

Create paging space in that partition

# mkswap /dev/sda3

Activate paging space

# swapon -p 42 /dev/sda3

Deactivating paging space is done using

# swapoff /dev/sda3

Check swap space in procfs

# cat /proc/swaps

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Paging Space N
F
P
L

top displays memory, CPU and process statistics continuously

uptime displays system uptime + load
free displays memory statistics
sync flushes the cache to disk
xosview graphically displays a system overview
xload graphically displays system load
xsysinfo graphically displays system information
vmstat displays memory and other statistics every second
procinfo displays processor statistics

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit10:
Scheduling

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o Use crontab

o Use anacron

o Use the at

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 crontab N
F
P
L
crontab files are stored: Minute Hours Days Month Week Command
In /var/spool/cron | | | | | |
| | | | | |
Three usage methods: | | | | | |
crontab -l List your crontab file | | | | | |
crontab -r Remove your crontab file | | | | | |
crontab -e Edit your crontab file | | | | | |
| | | | | |
*/1 * * * * . /root/script | | | | | |
*/1 * * * * ls -l

Note: /etc/crontab
If Server shutdown before
run cron task and turn on
after cron schedule , task
passive in this case.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 crontab N
F
P
L

The solution: Anacron

Runs commands periodically
At night if the system is on Service Manager
At startup to catch up on any missed jobs # service crond status
Jobs specified in /etc/anacrontab
Anacron is called by the boot scripts and by cron
Job execution information stored in /var/spool/anacron

# vi /var/spool/anacron/filename

Note: Anacron is not supported on SUSE

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 at N
F
P
L

Run a command once in the future

# at 4am
>date
>ls -l
<ctrl+d>

Or

# at 19:22

# at -d job number Show jobs

# at -f /root/script 16:00 + 3 days

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit11:
Backup and Restore

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o Backup Schemes

o Backup Devices

o Default Backup Tools

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Backup Schemes N
F
P
L

Full backup
Preserves the whole system
System backup
Preserves system directories and files
Must include backup/restore tools
Usually on bootable media (floppy, CD-Writable)
Data backup
Preserves user data
Incremental or differential backup
Only backup files that changed
Very fast, but takes more time to restore
Must be used carefully
Needs more media

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Incremental and differential backup F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Backup Devices N
F
P
L

Tape drive

CD-R, CD-RW, DVD

(Removable) Hard disk

Zip, Jaz drive

Network (SAN)

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Default Backup Tools N
F
P
L

tar
Backs up individual files
Widely available
Excellent for transferring data between platforms
cpio
Backs up individual files
Widely available
Difficulties with many symbolic links
dump
Backs up whole filesystems
Can handle incremental backups (9 levels)

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Tar N
F
P
L
Backup with tar:
# tar -cvf home.tar /home

Restore with tar:

# tar -xvf home.tar < files to extract >

List contents of a tar backup:

# tar -tvf home.tar

Compression: use z option (gzip) or j option (bzip2)

# tar -zcvf home.tar.gz /home
# tar -jcvf home.tar.bz2 /home
---------------------------------------------
# tar -zcvf /backup/boot.tar.gz /boot
# tar -xvf boot.tar.gz <file to extract>

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 CPIO N
F
P
L

Backup with cpio:

# cpio -ov <files> > <device>
# find /home | cpio -ov > /dev/fd0

Restore with cpio:

# cpio -iv[-dum] [files] < <device>
# cpio -ivdum "/home/j*" < /dev/fd0

List contents of a cpio backup:

# cpio -itv < <device>
# cpio -itv < /dev/fd0

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
dump N P
L

To backup a complete filesystem use the dump command

Can handle incremental backups up to 9 levels
Information is stored in /etc/dumpdates

# dump -0 -u -a -f /backupdir/home.dump /home

# dump -1 -u -f backup@remhost:/tux.dump /

To restore a dumped filesystem:

# cd /home
# restore -xvf /backupdir/home.dump
....
set owner/mode for .? [y/n]
-------------------------------------
# dump -0 -u -a -f /root/backup/boot.dump /boot
# restore -xvf /boot.dump

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit12:
User Administration

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o Add, change and delete user accounts

o Add, change and delete groups

o Configuration & DB Files

o Change Owner

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L
User Hierarchy

root
Super User
File permissions do not apply for root
Can do anything except the obvious
Account for the system administrator

bin, daemon, lp, sync, news, ftp, ap ..

User accounts used by different applications and daemons
Cannot (and should not) be used to log in

Ordinary user accounts

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Groups
A group is a set of users, all of whom need access to a given set of
files
Every user is a member of at least one group and can be a member
of several groups
Primary group: used for file/directory creation
Group set: used to determine access permissions
The user has access to files in all of the groups in its groupset.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
DB N P
L
Configuration File

/etc/login.defs

User and Group Data Base

/etc/shadow
/etc/gshadow
/etc/passwd
/etc/shadow
/etc/group

Userneme:Encpassword:UID:GID:Comment:HomeDir:ShellType

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Add,Remove,Change Users N
F
P
L

Add a user account:

# useradd momen
# passwd P@ssW0rd

Delete user account:

# userdel momen
# userdel -r momen Delete user account with home directory

Add user account to group <hrgroup>:

# usermod momen -G hrgroup

Chanage user id:

# usermod -u 666 momen

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Add,Remove,Change Users N
F
P
L
Lock user account:
# usermod -L momen

Unlock user account:

# usermod -U momen

Set expiration date to user account:

# usermod -e yyy-mmm-dd momen

User account never expire:

# usermod -e 0 momen

Change user account:

# usermod -g momen koko

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Add,Remove,Change Users N
F
P
L
Change Group ID: -g
Add Comment: -C
Change Home Dir: -d
Change Shell type: -s
Remove User: -r

# usermod -u 600 -g 700 -d /usr/test -s /bin/ksh -C Eng Momen Hany momen

# useradd -u 600 -g 700 -d /usr/test -s /bin/ksh -C Eng Momen Hany momen

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Add,Remove,Change Groups N
F
P
L

Create a group:
# groupadd hrgroup

Delete a group:
# groupdel hrgroup

Change group name:

# groupmod -n oldname newname

Add user to group:

# usermod -G hrgroup momen
# usermod momen -G hrgroup

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
/etc/passwd N P
L

Fields are separated by ":"

1) login name
2) password field (x means: encrypted password available)
3) UID
4) GID
5) GECOS field (user information)
6) home directory
7) login shell

Userneme:Encpassword:UID:GID:Comment:HomeDir:ShellType

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
/etc/shadow N P
L

1) Login name
2) Encrypted password (md5)
3) Last change of credentials (days since Jan 1, 1970)
4) Days before password may be changed
5) Days after which password must be changed
6) Days before password is to expire that user is warned
7) Days after password expires that account is disabled
8) Days since Jan 1, 1970 that account is disabled

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 /etc/group and /etc/gshadow N
F
P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 /etc/login.defs N
F
P
L

Mail directory : __________

Passwd : _______
UID : __________
?
GID : __________
Umask : ________
Home Directory : _________
..

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Login Scripts N
F
P
L

# Ls -a /etc/skel/.

If the administrator modify in login scripts .profile , .bashrc .. And you

need to create anew user with this modification enter this command:
# useradd -m momen

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

# chsh s /bin/ksh momen change shell login

# chage -E yyy-mm-dd momen Expiration date

# chage -m 10 momen Minimum password age

# chage -M momen Maximum password age

# chage -w 5 momen Worming password will expire

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Change Owner N
F
P
L

# ls -l

# chown momen /root/data Change user owner

# chgrp hrgroup /root/data Change group owner
# chown momen:hrgroup /root/data

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit13:
User Level Security

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o Security Logs

o UserFul Command

o Privilege Escalation <Sudo>

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Security Logs N
F
P
L
/var/log/lastlog - Last successful login
/var/log/messages - General log file
/var/log/secure - Failed logins
/var/log/wtmp - Successful logins
/var/run/utmp - Currently logged in users

Notes:
/var/log/lastlog
Records the last time a user logged in. This file can be examined with the lastlog
command.
/var/log/messages
This is the general log file. Most applications and daemons will write log information to this
file. The messages file is an ASCII file which can be viewed with tail -f or more.
/var/log/secure
Keeps track of the failed login attempts. Use more /var/log/secure to view the contents of
this file.
/var/log/wtmp
All successful logins are saved in this file. This file can also be examined with the who
command. Another tool for viewing this file is the last command.
/var/run/umtp
Logs the users currently logged in the system. The default output of the who command is
the contents of this file.

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 UserFul Command N
F
P
L

# w Who is logged in and doing what?

# who Who is logged in and examine the contents of /var/log/wtmp and /var/log/utmp
# id Show information about a user
# last Show the last time a user logged in or the last time a tty was used to log in
# lastlog Show the last login time of all users

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Privilege Escalation N
F
P
<Sudo> L

Allows users to execute specific commands another user without requiring that
users password

/etc/sudoers file list which users are allowed to execute which commands on
which host as which user Edit this file with visudo only or ( vi /etc/sudores ) .
# vi /etc/sudores

User1 ALL=/sbin/fdisk
User1 ALL=/sbin/useradd
:wq

$ sudo /sbin/fdisk -l

# su user1 Switch user

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 RHCE

F
N P
L

RH 135 - Red Hat Administration II

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Unit14:
Special Permission

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
Module Overview N P
L

o Authentication & Authorization

o Pluggable Authentication Modules (PAM)

o File Permissions (Authorization)

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 Authentication & Authorization F
N P
L

Authentication: Verifying that you are who you say you are
Can be based on:
Something you only know (for example, password, PIN)
Something you only have (for example, smartcard, token, key)
Something you only are (for example, fingerprints, retina scan)

Authorization: Determining your level of access

File permissions
Account restrictions (login times, login tty, and so forth)

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 PAM F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 PAM F
N P
PAM Configuration File L

# cat /etc/pam.d/login

Some commonly used PAM modules are:

pam_unix.so: Regular UNIX authentication (passwords)
pam_env.so: Set environment variables
pam_cracklib.so: Check passwords for strength
pam_pwdb.so: Enforce password aging rules
pam_pwcheck.so: Check passwords (SUSE only)
pam_nologin.so: Deny login if /etc/nologin exists
pam_listfile.so: Allow/deny login if user listed in file
pam_securetty.so: Allow login for root only from secure ttys
pam_stack.so: Include another PAM config file (RH only)
pam_limits.so: Set limits on CPU and memory usage
pam_console.so: Set permissions for console users
pam_deny.so: Always gives an error
Several PAM modules have additional configuration files in /etc/security

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 File Permission - Authorization F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 File Permission - Authorization F
N P
L

SUID SGID Sticky Bit

Changing Permission 4 2 1
u+s g+s o+t
# chmod 1755 (or o+t) commondir
# ls -l
drwxrwxr-t 3 root proj11 4096 2003-05-13 08:53 commondir

# chmod 4755 (or u+s) commondir

# ls -l
-rwsr-xr-x 3 root proj11 73680 2003-03-17 16:39 commondir

Such as
# ls -l /bin/su

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 File Permission - Authorization F
N P
L
LAB:-

# mkdir momendata
# chmod 775 momendata
# groupadd sales
# usermod -G sales momen
# chown momen:sales momendata
# chmod u+s,g+s,o+t momendata
# ls -l
??

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 F
N P
L

Copyright May 2012 , Engineer Momen Hany Mohamed

By Eng Momen Hany Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com

 White Board

Last Viewed
Copyright May 2012 ,
Engineer Momen Hany Mohamed