RHCSA Study Notes

Some study notes for the RHCSA Exam. Complete with commands and examples.

Uploaded by

matt
ON NFS SERVER:

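useradd -u 1010 tom
useradd -u 1020 sam

ll /home
tail /etc/passwd

vi /etc/exports
/home/tom serverip(rw,sync,no_root_squash)
/home/sam serverip(rw,sync,no_root_squash)
(the host field in front of the options names the machine that is allowed to mount the export, i.e. the NFS client)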
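
The exports above use no_root_squash, which lets root on the client act as root on the exported home directories (the default, root_squash, maps client root to an unprivileged user). The following check is an added example, not part of the original notes: it scans an exports-style file for that option, for exports open to any host, and for the insecure option. The sample file and the address 10.0.0.20 are constructed.

```sh
#!/bin/sh
# Added example, not from the original notes: flag risky settings in an
# exports(5)-style file. Reads the file named in $1, or stdin when omitted.
# Assumption: one export per line (backslash continuations are not handled).
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF == 1 { print "ANY_HOST", $1, "(none)"; next }
        {
            for (i = 2; i <= NF; i++) {
                host = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {                    # split host(opt,opt)
                    host = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                if (host == "") host = "(none)"
                if (host == "(none)" || host == "*")
                    print "ANY_HOST", $1, host
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] == "no_root_squash")
                        print "NO_ROOT_SQUASH", $1, host
                    if (o[j] == "insecure")
                        print "INSECURE_PORT", $1, host
                }
            }
        }
    ' "${1:--}"
}

# Constructed sample; 10.0.0.20 is a made-up client address.
sample_exports() {
    cat <<'EOF'
# /etc/exports (constructed sample)
/home/tom 10.0.0.20(rw,sync,no_root_squash)
/home/sam 10.0.0.20(rw,sync,root_squash)
/srv/pub  *(ro,sync)
/srv/tmp  (rw,insecure)
EOF
}

sample_exports | audit_exports
```

On a real server, run it as audit_exports /etc/exports.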

======================================================================
======================================================================
======================================================================

AUTOFS ON CLIENT MOUNT HOME DIRECTORY FOR USERS:


https://www.youtube.com/watch?v=eAFg2BeSoDs

yum install autofs
yum install nfs-utils

systemctl enable --now autofs
systemctl status autofs

showmount -e 10.0.0.5 (ip of NFS server)

useradd -M -u 1010 tom
useradd -M -u 1020 sam

vi /etc/auto.master
/misc /etc/auto.misc
/home /etc/auto.home

vim /etc/auto.home
* -fstype=nfs,rw,sync nfs-server-hostname:/home/&

firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload

Test each user...

su - tom
ll /home
pwd
exit

su - sam
ll /home
pwd
exit

======================================================================
======================================================================
======================================================================
REGISTER REPO SERVERS:

yum config-manager --add-repo http://xyz.repo.com/baseos
yum config-manager --add-repo http://xyz.repo.com/appstream

/etc/yum.repos.d/ (repo file location - confirm repo file is created)

cat repo file and confirm:
enabled=1
gpgcheck=1
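
The enabled/gpgcheck confirmation above can be scripted across every repo file. This is an added example, not part of the original notes: it parses .repo sections and reports enabled repos that lack gpgcheck=1 or fetch over an unencrypted URL. The section names and the old-mirror repo in the sample are constructed.

```sh
#!/bin/sh
# Added example, not from the original notes: report weak settings in
# dnf/yum .repo files. Reads the files given as arguments, or stdin.
# A repo with no gpgcheck line inherits the value from [main] in dnf.conf,
# so it is reported separately from an explicit gpgcheck=0.
check_repos() {
    awk '
        function report() {
            if (id == "" || enabled ~ /^(0|no|false|off)$/) return
            if (gpgcheck == "") print id ": gpgcheck not set in repo file"
            else if (gpgcheck !~ /^(1|yes|true|on)$/) print id ": gpgcheck disabled"
            if (url ~ /^(http|ftp):/) print id ": baseurl uses unencrypted transport"
        }
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*\[/ {                           # new [section]
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            enabled = "1"; gpgcheck = ""; url = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = tolower(substr($0, eq + 1))
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") url = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample repo file (section names are made up).
sample_repo() {
    cat <<'EOF'
[xyz.repo.com_baseos]
baseurl=http://xyz.repo.com/baseos
enabled=1

[xyz.repo.com_appstream]
baseurl=http://xyz.repo.com/appstream
enabled=1
gpgcheck=1

[old-mirror]
baseurl=http://xyz.repo.com/old
enabled=0
gpgcheck=0
EOF
}

sample_repo | check_repos
```

On a real system, run it as check_repos /etc/yum.repos.d/*.repo.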

======================================================================
======================================================================
======================================================================

ADD A SWAP PARTITION:

fdisk /dev/sdc
create partition, type 82 for swap, then exit.

partprobe /dev/sdc

mkswap /dev/sdc1

vim /etc/fstab
UUID="xxxxx" swap swap defaults 0 0

swapon -a (activates the swap entries listed in /etc/fstab, so add the entry first)
lsblk (confirm swap is present)

======================================================================
======================================================================
======================================================================

USERS AND GROUPS / ACL / STICKY BIT / SGID


USERS AND GROUPS
- create a user harsh with newgroup as secondary group
- create a user nitin, do not add to newgroup as secondary group, with no login
shell
- assign the password "redhat" to both users harsh and nitin

groupadd newgroup

useradd harsh -G newgroup
cat /etc/group (confirm secondary group for harsh)

useradd nitin -s /sbin/nologin
cat /etc/passwd (confirm nitin has /sbin/nologin)

ACL
- copy the file /etc/fstab to /var/fstab
- the user owner of /var/fstab should be root
- the user natasha should have read and write access
- the group Mac should have no access

cp /etc/fstab /var/fstab
ls -lah /var/fstab (confirm root is the owner)
chown root /var/fstab (if it is not owned by root)

If natasha is not present, create the user

useradd natasha

setfacl -m u:natasha:rw- /var/fstab


getfacl /var/fstab (check permissions for user natasha)
getfacl: Removing leading '/' from absolute path names
# file: var/fstab
# owner: root
# group: root
user::rw-
user:natasha:rw-
group::r--
mask::rw-
other::r--

If Mac group doesn't exist, add it


groupadd Mac
setfacl -m g:Mac:--- /var/fstab
getfacl /var/fstab
getfacl: Removing leading '/' from absolute path names
# file: var/fstab
# owner: root
# group: root
user::rw-
user:natasha:rw-
group::r--
group:Mac:---
mask::rw-
other::r--

STICKY BIT
- create a directory /linux
- make the group owner be Mac
- ensure that all files within /linux, the group owner is Mac
- ensure that all the future files within /linux, the group owner is Mac
- ensure that no user other than the user-owner of /linux is able to delete the
content within /linux

mkdir /linux
chown :Mac /linux

check ownership of the /linux directory


ls -lahd /linux
drwxr-xr-x. 2 root Mac 6 Aug 4 16:02 /linux

create files in /linux

cd /linux
touch 001
touch 002
touch 003

check ownership of files in /linux


ls -l /linux
total 0
-rw-r--r--. 1 root root 0 Aug 4 16:04 001
-rw-r--r--. 1 root root 0 Aug 4 16:04 002
-rw-r--r--. 1 root root 0 Aug 4 16:04 003

owner is root... change to Mac


chown -R :Mac /linux

check ownership of files again


ls -l /linux
total 0
-rw-r--r--. 1 root Mac 0 Aug 4 16:04 001
-rw-r--r--. 1 root Mac 0 Aug 4 16:04 002
-rw-r--r--. 1 root Mac 0 Aug 4 16:04 003

Ensure ownership of future files is Mac - setgid


chmod g+s /linux

mkdir /linux/d1
touch /linux/004

check ownership of new files/directory


ls -l /linux
total 0
-rw-r--r--. 1 root Mac 0 Aug 4 16:04 001
-rw-r--r--. 1 root Mac 0 Aug 4 16:04 002
-rw-r--r--. 1 root Mac 0 Aug 4 16:04 003
-rw-r--r--. 1 root Mac 0 Aug 4 16:09 004
drwxr-sr-x. 2 root Mac 6 Aug 4 16:10 d1

Ensure that only user/owner of the directory /linux can delete files

chmod +t /linux

Test that only the user/owner of the directory /linux can delete files

su - natasha
rm -rf /linux
rm: cannot remove '/linux/001': Permission denied
rm: cannot remove '/linux/002': Permission denied
rm: cannot remove '/linux/003': Permission denied
rm: cannot remove '/linux/004': Permission denied
rm: cannot remove '/linux/d1': Permission denied
(natasha has no write permission on /linux, mode drwxr-sr-t, so this deletion is refused with or without the sticky bit; the sticky bit makes the difference once the directory is writable by group or others)

======================================================================
======================================================================
======================================================================

TUNED PROFILE / NTP / MANAGING SERVICES USING SYSTEMCTL

TUNED PROFILE
yum install tuned
tuned-adm active (shows active profile)
tuned-adm list (shows list of profiles)
tuned-adm recommend (gives recommended profile)
tuned-adm profile <profile-name> (change profile)
tuned-adm off (turns off)

NTP
yum install chrony
vim /etc/chrony.conf
server <ip> iburst
systemctl restart chronyd
chronyc sources -c
timedatectl set-ntp true

check that set-ntp is set to true


timedatectl
Local time: Sun 2024-08-04 16:29:18 UTC
Universal time: Sun 2024-08-04 16:29:18 UTC
RTC time: Sun 2024-08-04 16:29:18
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no

MANAGING SERVICES WITH SYSTEMCTL


systemctl status <service>
systemctl start <service>
systemctl stop <service>
systemctl enable <service>
systemctl disable <service>

======================================================================
======================================================================
======================================================================

MANAGING CONTAINERS WITH PODMAN


yum install podman-4.2.0 @container-tools
podman login registry.redhat.io
(enter your own registry username and password when prompted)

podman search httpd

NAME                                             DESCRIPTION
registry.access.redhat.com/rhscl/httpd-24-rhel7  Apache HTTP 2.4 Server

podman pull registry.access.redhat.com/rhscl/httpd-24-rhel7

podman images
REPOSITORY                                       TAG     IMAGE ID      CREATED       SIZE
registry.access.redhat.com/rhscl/httpd-24-rhel7  latest  847db19d6cbc  2 months ago  332 MB

Run httpd in detached mode:

podman run -d --name web1 847db19d6cbc

podman ps
CONTAINER ID  IMAGE                                                   COMMAND               CREATED        STATUS        PORTS  NAMES
d40bbb0c94ca  registry.access.redhat.com/rhscl/httpd-24-rhel7:latest  /usr/bin/run-http...  8 seconds ago  Up 7 seconds         web1

map a host port to httpd running in the container

podman run -d --name web2 -p 8080:80 847db19d6cbc

map local directory to container

mkdir /web
touch /web/mypage.html
vim /web/mypage.html
(add some content/info to the page)

podman run -d --name web41 -p 8080:80 -v /web:/usr/local/apache2/htdocs 847db19d6cbc

Run container in interactive mode.


podman run -it imageid /bin/bash

edit the index.html file


find / -name index.html
/usr/local/apache2/htdocs/index.html

can edit this file to change the output.

======================================================================
======================================================================
======================================================================

RUN PODMAN CONTAINER AS A SYSTEMD SERVICE


run as root user
podman generate systemd web1 > /etc/systemd/system/web1-container.service
systemctl daemon-reload
systemctl start web1-container.service
systemctl status web1-container.service

to make the systemd service persistent


systemctl enable web1-container.service

RUN PODMAN AS A SPECIFIC USER


ssh into user
ssh user@localhost

podman pull docker.io/library/httpd

podman run -d --name web2 -p 8080:80 <image id>

mkdir -p ~/.config/systemd/user
podman generate systemd web2 > ~/.config/systemd/user/web2-container.service

vim ~/.config/systemd/user/web2-container.service
WantedBy=default.target

systemctl --user daemon-reload

systemctl --user start web2-container.service


systemctl --user status web2-container.service
systemctl --user enable web2-container.service

======================================================================
======================================================================
======================================================================
LVM - LOGICAL VOLUME MANAGEMENT
- create a LV named LV1 of size 8GB
- extend the LV, LV1 by 2GB
- create a LV named LV2 with 10 extent, where the size of each extent is 8MB

1. physical storage - disk partitions or full disk or RAID


2. create physical volume (PV)
3. create volume group (VG)
4. create logical volume (LV)

- create a LV named LV1 of size 8GB


pvcreate /dev/sdc /dev/sdd
pvs
PV VG Fmt Attr PSize PFree
/dev/sda2 rootvg lvm2 a-- <63.02g <40.02g
/dev/sdc lvm2 --- 16.00g 16.00g
/dev/sdd lvm2 --- 16.00g 16.00g

vgcreate VG1 /dev/sdc /dev/sdd


vgs
VG #PV #LV #SN Attr VSize VFree
VG1 2 0 0 wz--n- 31.99g 31.99g
rootvg 1 5 0 wz--n- <63.02g <40.02g

lvcreate -L 8GB -n LV1 VG1


lvs
LV   VG   Attr        LSize  Pool  Origin  Data%  Meta%  Move  Log  Cpy%Sync  Convert
LV1  VG1  -wi-a-----  8.00g

mkfs.xfs /dev/VG1/LV1

vim /etc/fstab
/dev/mapper/VG1-LV1 /testmount xfs defaults 0 0

EXTEND LV BY 2GB
lvextend -r -L +2G /dev/VG1/LV1

EXTEND LV BY 2GB AND ADD ANOTHER PV (not enough room on LV)


vgextend VG1 /dev/sdd
lvextend -r -L +2G /dev/VG1/LV1

create a LV named LV2 with 10 extent, where the size of each extent is 8M
- default extent size is 4MB, will need to create a new VG with 8MB extent size
vgcreate -s 8M VG1 /dev/sdc /dev/sdd
vgdisplay
--- Volume group ---
VG Name VG1
System ID
Format lvm2
Metadata Areas 2
Metadata Sequence No 1
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 0
Open LV 0
Max PV 0
Cur PV 2
Act PV 2
VG Size 31.98 GiB
PE Size 8.00 MiB
Total PE 4094
Alloc PE / Size 0 / 0
Free PE / Size 4094 / 31.98 GiB
VG UUID P1JcMp-lQ1I-0MTM-OvwH-0aTd-iofm-VkqCiv

lvcreate -l 10 -n LV2 /dev/VG1


lvdisplay
--- Logical volume ---
LV Path /dev/VG1/LV2
LV Name LV2
VG Name VG1
LV UUID QwTwMr-QBdQ-gT9C-hTXZ-60cq-o1V4-dnnrGw
LV Write Access read/write
LV Creation host, time rhcsa001, 2024-08-04 22:09:45 +0000
LV Status available
# open 0
LV Size 80.00 MiB
Current LE 10
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 8192
Block device 253:5

======================================================================
======================================================================
======================================================================

VDO - VIRTUAL DATA OPTIMIZER


- create vdo named V1 of size 50GB and mount it at /V1

yum install vdo kmod-kvdo


vdo create --name=VDO1 --device=/dev/sdg --vdoLogicalSize=50G
Creating VDO VDO1
The VDO volume can address 996 GB in 498 data slabs, each 2 GB.
It can grow to address at most 16 TB of physical storage in 8192 slabs.
If a larger maximum size might be needed, use bigger slabs.
Starting VDO VDO1
Starting compression on VDO VDO1
VDO instance 0 volume is ready at /dev/mapper/VDO1

mkfs.xfs /dev/mapper/VDO1

mkdir /vdo-mount
vim /etc/fstab
/dev/mapper/VDO1 /vdo-mount xfs defaults,x-systemd.requires=vdo.service 0 0

mount -a (test mounts before reboot)

======================================================================
======================================================================
======================================================================

STRATIS

yum install stratisd stratis-cli

stratis pool create pool1 /dev/sdc /dev/sdd /dev/sde


stratis filesystem create pool1 fs1
stratis filesystem create pool1 fs2

stratis filesystem list

Pool Name  Name  Used     Created            Device                  UUID
pool1      fs2   546 MiB  Aug 04 2024 22:55  /dev/stratis/pool1/fs2  43effeac-72f0-4b18-8118-8fe8d219c706
pool1      fs1   546 MiB  Aug 04 2024 22:54  /dev/stratis/pool1/fs1  ec898e99-98ce-4e67-b79d-196517c11f93

mkdir /stratis-fs1

vim /etc/fstab
UUID=43effeac-72f0-4b18-8118-8fe8d219c706 /stratis-fs1 xfs defaults,x-systemd.requires=stratisd.service 0 0

mount -a

======================================================================
======================================================================
======================================================================

LINUX PERMISSIONS

1000 - Sticky Bit - when set on a directory, it ensures that only the file owner,
the directory owner, or the root user can delete or rename the files within that
directory.

chmod +t /linux

2000 - Set Group ID, SGID - when set on a file, it allows the file to be executed
with the permissions of the group owner. When set on a directory, new files created
within the directory inherit the group ID of the directory, rather than the primary
group ID of the user who created the file.

chmod g+s file_or_directory_name


chmod g+s /path/to/directory

4000 - Set User ID, SUID - when set on a file, it allows the file to be executed
with the permissions of the file owner. This is often used for executable files
that need to perform tasks requiring higher privileges.

chmod u+s file_name


chmod u+s /path/to/file

6000 - SUID and SGID - this is a combination of both the SUID and SGID bits,
meaning the file will be executed with the permissions of both the file owner and
the group owner
chmod u+s,g+s file_name
chmod u+s,g+s /path/to/file

======================================================================
======================================================================
======================================================================

FIND COMMAND EXAMPLES

find /path/to/search -perm /1000 (finds both files/directories)


find /path/to/search -type d -perm /1000 (finds directories)
find /path/to/search -type f -perm /1000 (finds files)

SEND FILE NAMES TO FILE:


find /path/to/search -perm /1000 > sticky_bit_files.txt

BASH SCRIPT THAT DOES THE SAME

#!/bin/bash

find /path/to/search -perm /1000 > sticky_bit_files.txt

MAKE SCRIPT EXECUTABLE


chmod u+x find_sticky_bit.sh

EXECUTE
./find_sticky_bit.sh

FIND FILES AND COPY TO A DIRECTORY

find /path/to/search -type f -name "*.txt" -exec cp {} /path/to/destination/ \;
find /path/to/search -type f -exec cp {} /path/to/destination/ \;
find /path/to/search -type f -perm /1000 -exec cp {} /path/to/destination/ \;

FIND FILES OWNED BY USER

find /path/to/search -user root

FIND ALL THE FILES WITH THE NAME 'PASSWD' AND COPY THEM INTO THE /MNT/COPY
DIRECTORY
mkdir /mnt/copy
find / -name passwd -exec cp {} /mnt/copy \;

FIND ALL FILES OWNED BY THE USER 'ROHIT' AND COPY THEM INTO THE DIRECTORY
/MNT/ROHIT
mkdir /mnt/rohit
find / -user rohit -exec cp {} /mnt/rohit \;
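
The special permission bits (1000, 2000, 4000) and the find -perm tests above, combined into an audit. This is an added example, not part of the original notes, and it goes beyond them: it also reports world-writable directories that lack the sticky bit and compares SUID/SGID files against a baseline list. It uses the portable -perm -mode form (all listed bits set); the function names and the fixture tree are constructed.

```sh
#!/bin/sh
# Added example, not from the original notes: audit special permission bits
# with portable find(1) tests.

# audit_special_bits DIR: print one labelled line per finding under DIR.
audit_special_bits() {
    find "$1" -xdev -type f -perm -4000 | LC_ALL=C sort | sed 's/^/SUID /'
    find "$1" -xdev -type f -perm -2000 | LC_ALL=C sort | sed 's/^/SGID /'
    # World-writable directory without the sticky bit: any user may delete
    # or rename other users' files in it.
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 | LC_ALL=C sort |
        sed 's/^/WORLD_WRITABLE_NO_STICKY /'
}

# new_setid DIR BASELINE: SUID/SGID files under DIR that are not listed
# (one path per line) in the BASELINE file.
new_setid() {
    base=$(mktemp)
    LC_ALL=C sort "$2" > "$base"
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) |
        LC_ALL=C sort | comm -13 "$base" -
    rm -f "$base"
}

# make_fixture: build a constructed directory tree and print its path.
make_fixture() {
    d=$(mktemp -d)
    touch "$d/suidbin" "$d/sgidbin" "$d/plain"
    chmod 4755 "$d/suidbin"; chmod 2755 "$d/sgidbin"; chmod 0644 "$d/plain"
    mkdir "$d/shared" "$d/open" "$d/team"
    chmod 1777 "$d/shared"    # like /tmp: world-writable with sticky bit
    chmod 0777 "$d/open"      # world-writable, no sticky bit
    chmod 2775 "$d/team"      # SGID directory, as with chmod g+s /linux
    echo "$d"
}

fixture=$(make_fixture)
audit_special_bits "$fixture"
rm -rf "$fixture"
```

A baseline can be captured once on a known-good system and new_setid run against it later to spot newly added SUID/SGID files.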

======================================================================
======================================================================
======================================================================

SELINUX

- selinux modes
- selinux booleans
- selinux port
- selinux context

MODES
enforcing / permissive / disabled

getenforce (gets current selinux mode)

setenforce 0 (puts selinux into permissive mode)

setenforce 1 (puts selinux into enforcing mode)

vim /etc/sysconfig/selinux
SELINUX=disabled (restart VM for change to take place)

BOOLEAN
getsebool -a (list all the booleans)
getsebool -a | grep "httpd"

will show "httpd_enable_homedirs"


setsebool -P httpd_enable_homedirs on (the -P makes it persistent)

PORT
allow httpd to be accessed on port 82

semanage port -a -t http_port_t -p tcp 82

CONTEXT
ensure that httpd service can access and host files from the /test directory
default for httpd is /var/www/html

ls -ldZ /test (get fcontext on directory)


ls -lZ filename (get fcontext on file)

semanage fcontext -a -t httpd_sys_content_t "/test(/.*)?"


restorecon -R -v /test

vim /etc/httpd/conf/httpd.conf
change path on DocumentRoot to "/test"
also change Directory path

Then restart httpd

======================================================================
======================================================================
======================================================================

PIPES AND REDIRECTION / CHMOD AND UMASK

ls /etc | wc -l

ls > out.txt (overwrites any contents)
ls >> out.txt (appends the contents)

CHMOD
chmod u+x out.txt
chmod o-r out.txt
UMASK
umask 024 (the bits in the mask are removed from the default mode: new directories get 753, new files get 642)
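
How the umask is applied, as an added example that is not part of the original notes: the mask bits are cleared from the default mode (666 for files, 777 for directories), which is a bitwise operation rather than a subtraction. The function names are constructed; the script creates a file and a directory in a scratch directory and compares the computed mode with what ls reports.

```sh
#!/bin/sh
# Added example, not from the original notes: what a umask does to new files.

# mode_after_umask MASK BASE: clear the MASK bits from BASE (both octal).
mode_after_umask() {
    printf '%03o\n' $(( 0$2 & ~0$1 & 0777 ))
}

# observe_umask MASK: create a file and a directory under MASK in a scratch
# directory and print the computed mode next to the mode string from ls.
observe_umask() {
    (
        umask "$1"
        t=$(mktemp -d)
        touch "$t/file"; mkdir "$t/dir"
        echo "file $(mode_after_umask "$1" 666) $(ls -ld "$t/file" | cut -c1-10)"
        echo "dir $(mode_after_umask "$1" 777) $(ls -ld "$t/dir" | cut -c1-10)"
        rm -rf "$t"
    )
}

observe_umask 024
```

With a mask such as 033 the file mode is 644, not 633, because the execute bits that the mask names were never set in 666.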

TAR
tar cvf file.tar file1 file2 (creates archive)
tar tf file.tar (views contents of the tar file)
tar xf file.tar (extracts contents of the tar file)

Create a compressed archive for all the files in the /etc directory
tar cvf /mnt/etc.tar /etc
tar tf /mnt/etc.tar

compression - 3 different options.

-j bzip2
-J xz
-z gzip

tar cvfz /mnt/etc.tar.gz /etc
tar cvfa /mnt/etc.tar.gz /etc (will auto detect gzip from tar file name)

COPY THE LINES CONTAINING THE WORD 'ROOT' IN /ETC/PASSWD AND COPY THEM INTO A
FILE /MNT/PASSWD
cat /etc/passwd | grep -i root > /mnt/passwd

======================================================================
======================================================================
======================================================================

HOSTNAME

======================================================================
======================================================================
======================================================================

CRON / GREP / RESET ROOT PASSWORD / PASSWD

CRON
Execute the command /usr/local/bin/backup at 10AM on Feb 4th, every year.
crontab -e

0 10 4 2 * /usr/local/bin/backup

Configure a cron job that runs for the user baljit at 12:08 every Thursday and
execute /bash/echo hello
crontab -e -u baljit
8 12 * * 4 /bash/echo hello

GREP
List the lines containing the word root (case insensitive) in /etc/group file
grep -i root /etc/group

Find the word "sbin" in /etc/passwd and copy it into the file /tmp/pass
grep sbin /etc/passwd > /tmp/pass

RESET PASSWORD
interrupt grub boot, and select most recent kernel, hit "end" key to go to end of
text
add rd.break then continue booting the VM

mount -o remount,rw /sysroot
chroot /sysroot
passwd root (enter in password twice)
touch /.autorelabel
exit
exit

SET PASSWD
useradd test
passwd test (enter in password twice)
