*A Linux file has 8 attributes, which are listed with the ls -l (or ll) command.
-rw-r--r-- 1 root root 1230 Feb 12 15:20 raj.doc
1st field
Types
- files
d directories
l links
p processfile
s socket files
b block devices
c character devices
2nd field.
rwx owner
3rd field.
rwx group
4th field.
rwx others
Ex. - rwx rwx rwx 1 root root 1230 Feb 12 15:20 raj.doc
(type)(owner)(group)(others)
Permission access modes.
        File                              Directory
r -->   To display contents of a file.    To list contents of a dir. (Read only)
w -->   To create or append a file.       To create files & directories. (Read & Write)
x -->   To execute a file.                To enter a directory.
File Permission Modes.
Permissions
1) Symbolic mode -- rwx
2) Absolute mode -- 421
*Default file permissions.
1) A file created with cat, touch or vi gets the permissions 644.
EX.--> - rw- r-- r--
2) In the basic UNIX system, a newly created file actually gets the permissions 666.
3) But this is a lapse in security, so whenever a file is created the UNIX system masks some bits, with a mask value of 022.
4) After masking we get the default value of a file as 644. [666 – 022 = 644]
5) 022 is the UMASK value.
*Default directory permissions.
1) A directory created with mkdir gets the permissions 755.
d rwx r-x r-x
2) In the basic UNIX system, a newly created directory actually gets the permissions 777. But this is a lapse in security, so whenever a directory is created the UNIX system masks some bits, with a mask value of 022.
3) After masking we get the default value of a directory as 755. [777 – 022 = 755]
4) 022 is the UMASK value.
###############################################################
1)To view the umask value.
#umask
2)To view the umask value set in the file.
#vim /etc/bashrc
3)To create file.
#touch 123
#ll 123
-rw-r--r-- 1 root root 0 Feb 12 08:18 123
(6 4 4) After umask value.
4)To create Directory
#mkdir ram
#ll
drwxr-xr-x 2 root root 4096 Feb 12 08:21 ram
(7 5 5) After umask value.
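The subtraction above works for 022, but the mask is applied bit by bit (mode AND NOT umask), so for a mask such as 033 subtraction gives the wrong answer. The following is an added example, not part of the original post, that computes the result bitwise and compares it with objects actually created in a scratch directory; the function names are illustrative and GNU stat is assumed.

```sh
#!/bin/sh
# Added example: the umask is applied as (base AND NOT umask), not by subtraction.

# masked_mode BASE UMASK -> resulting octal mode, e.g. masked_mode 666 022 -> 644
masked_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_mode UMASK file|dir -> mode of an object really created under that umask
created_mode() {
    scratch=$(mktemp -d) || return 1
    (
        # The subshell keeps the changed umask from leaking into the caller.
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$scratch/new"; else touch "$scratch/new"; fi
    )
    stat -c '%a' "$scratch/new"     # GNU stat: permission bits in octal
    rm -rf "$scratch"
}

# Compare the bitwise rule with the "666 - umask" shortcut for a few masks.
for m in 022 027 033 077; do
    printf 'umask %s: file %s (subtraction says %s), dir %s\n' \
        "$m" "$(masked_mode 666 "$m")" "$(( 666 - ${m#0} ))" "$(masked_mode 777 "$m")"
done
```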
##############################################################
chmod Command
1)The chmod command is used to change the permissions of a file/directory.
2)chmod can be used by the owner of the file or by root.
3)With the chmod command we can assign or remove permissions as required.
4)Permission parameters used with the chmod command
Category      u  g  o
Operators     +  -  =
Permissions   r  w  x
Weight        4  2  1
Applying permission to Owner (u), Group (g) & Others (o) for File1
Applying permission to File or Directory
#chmod (permissions) (file/directory)
################################################################
*Example of Permission - Absolute.
#touch 123
#ll
-rw-r--r-- 1 root root 0 Feb 12 08:18 123
*To change the value.
#chmod 777 123
-rwxrwxrwx 1 root root 0 Feb 12 08:18 123
#chmod 766 123
#ll
-rwxrw-rw- 1 root root 0 Feb 12 08:18 123
##############################################################
*Example of Permission - Symbolic
#touch text
-rw-r--r-- 1 root root 0 Feb 12 08:31 text
1)Change group permission.(+)
#chmod g+w text
-rw-rw-r-- 1 root root 0 Feb 12 08:31 text
2)Change user permission.(-)
#chmod u-w text
-r--rw-r-- 1 root root 0 Feb 12 08:31 text
3)Change others permission.(=)
Before.
-r--rw-r-- 1 root root 0 Feb 12 08:31 text
After = permission.
#chmod o=rx text
-r--rw-r-x 1 root root 0 Feb 12 08:31 text
Tuesday, August 24, 2010
Advanced File Permissions
1)SUID
2)SGID
3)STICKY BIT
###################### SUID. #############################
1)SUID stands for Set User ID.
2)SUID allows an application to be run by a normal user with the privileges of the root user.
3)That means if I have an application (e.g. ping) whose owner is 'root' and which has its SUID bit set, then when I run this application as a normal user, it still runs as root.
4)By default the SUID is applied to ping so that normal users can also ping other systems.
Implement SUID.
1)Implement the SUID on ping.
#chmod 4755 /bin/ping
-rwsr-xr-x 1 root root 35864 Dec 21 2006 ping
2)To remove the SUID.
#chmod 0755 /bin/ping
By this command we stop normal users from pinging other machines.
-rwxr-xr-x 1 root root 35864 Dec 21 2006 ping
EX.
1)To create directory.
#mkdir /vikas
2)To implement the SUID on /vikas directory.
#chmod 4755 /vikas
#ll /
drwsr-xr-x 2 root root 4096 Feb 12 12:15 vikas
3)create users.
#useradd u1
#useradd u2
#passwd u1
#passwd u2
4)Log in as one of the users & go to the /vikas directory.
#su - u1
u1$cd /vikas
u1$touch 11
touch: cannot touch `11': Permission denied
"That means normal users cannot create files in the /vikas directory."
5)To remove the SUID.
#chmod 0755 /vikas
######################## SGID ###########################
*SGID is used for group inheritance.
When SGID is applied to a directory, all subdirectories & files created by any user in that directory are owned by the specified group, regardless of the user's group.
1)To create directory.
#mkdir /sales
2)To implement the SGID on /sales directory.
#chmod 2755 /sales
#ll /
drwxr-sr-x 2 root root 4096 Feb 12 12:32 sales
3)create users.
#useradd u1
#useradd u2
#passwd u1
#passwd u2
4)create group.
#groupadd sales
5)Add users into the group.
#gpasswd -a u1 sales
Adding user u1 to group sales
#gpasswd -a u2 sales
Adding user u2 to group sales
6)To check.
#tail /etc/group
sales:x:502:u1,u2
7)To login by user.
# su - u1
u1$cd /sales
u1$touch 22
touch: cannot touch `22': Permission denied
*That means users cannot create files in the /sales directory because they are in the sales group.
We applied the SGID on the /sales directory. If a user is not in the sales group, he can create files in the sales directory.
####################### STICKY BIT ##########################
sticky bit :- It is used to secure files. Files in a sticky-bit directory can be deleted only by the owner of the file.
# chmod o+t /test    or    # chmod 1777 /test
# chmod o-t /test    or    # chmod 777 /test
How to do :->
# mkdir /test
# chmod 777 /test
# chmod 1777 /test
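To see where these bits are actually set on a system, the following added example (not part of the original post) lists SUID and SGID entries under a directory and flags world-writable directories that lack the sticky bit. The function names and the scratch tree, which mirrors the modes used above, are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: locate the special permission bits described above.

# audit_special_bits DIR prints one finding per line:
#   SUID <path>      regular file with the set-user-ID bit (4000)
#   SGID <path>      file or directory with the set-group-ID bit (2000)
#   NOSTICKY <path>  world-writable directory without the sticky bit (1000)
audit_special_bits() {
    find "$1" -xdev -type f -perm -4000 -print | sed 's/^/SUID /'
    find "$1" -xdev \( -type f -o -type d \) -perm -2000 -print | sed 's/^/SGID /'
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sed 's/^/NOSTICKY /'
}

# demo_tree builds a constructed scratch tree and prints its path
demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/tool" "$d/plain"
    chmod 4755 "$d/tool"        # SUID file, like /bin/ping in the text
    mkdir "$d/sales" "$d/test" "$d/open"
    chmod 2755 "$d/sales"       # SGID directory
    chmod 1777 "$d/test"        # world-writable with the sticky bit
    chmod 777 "$d/open"         # world-writable without the sticky bit
    echo "$d"
}

tree=$(demo_tree)
audit_special_bits "$tree"
rm -rf "$tree"
```

On a real system, run `audit_special_bits /` as root and compare the SUID and SGID lists with a known-good baseline for the distribution.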
Disk Management (Partitioning)
1) A partition is a part of a hard disk which is used for a different purpose than its neighbouring partition.
2) A partition is "hardware", since it comes from a hard disk, which is hardware. Basically, anything that can be held in the hands is hardware; a hard disk can be, and hence a partition is hardware.
3) Partitions can be further subdivided into two types -:
i) Primary Partitions -> An actual partition which can be given a label and used for some purpose. There can be a maximum of 4 primary partitions on a hard disk (a limitation of the BIOS, which was first introduced by IBM; all other personal computers are its clones).
ii) Extended Partition -> This is ideally not a partition but a concept; it can be further divided into logical partitions, which can be given labels and used for some purpose.
4) Only 1 extended partition can be created on a hard disk, and it can be further subdivided into 64 logical volumes (partitions). Windows allows only 21 logical partitions.
The maximum number of logical volumes also depends on the motherboard. In some cases only 16 logical volumes are allowed in an extended partition.
5) Windows can only be installed on a primary, active partition.
6) Drive in Windows = Filesystem in Linux
7) Normally, the important directories which, if filled, could hamper the functioning of the system are each made a separate filesystem on a different partition in Linux.
Normally, the directories which are given different partitions are /boot , / , /home , /tmp , /var , /usr .
For eg. -> /home is the directory in which all users have their home directories. If there is no quota policy for users in place, they may dump more and more data in their home directories, and if /home is not on another partition, all that data goes into the "/" filesystem, which ultimately fills up. This makes the system slow; ultimately the system may hang and give problems later while booting. Even the root user will not be able to log in, because his home directory ( /root ) is in the / directory, which is already full.
To solve the above problem, the root user can log in from Linux rescue mode and try to do the cleanup.
8) 'df' is the command used to see all filesystems present on the system and in use by the Linux kernel, together with their current usage.
df -h gives the output in human readable form ( in MB's )
For eg. -> df -h
Filesystem    Size  Used  Avail  Use%  Mounted on
/dev/hda7     950M  116M  786M   13%   /
/dev/hda6      99M  9.2M   85M   10%   /boot
none          109M     0  109M    0%   /dev/shm
/dev/hda10    950M   17M  885M    2%   /tmp
/dev/hda12    8.3G  4.5G  3.5G   57%   /usr
/dev/hda11    950M  263M  639M   30%   /var
/dev/vg/lv    465M  8.1M  433M    2%   /home
9) A minimum of 3 partitions is required for a successful installation
/boot , / , swap
10) 7 partitions are required for a successful and efficient Linux installation
/boot , / , /home , swap , /tmp , /var , /usr
11) For getting optimum performance from a system, no partition should be filled to more than 82% of its size.
12) Partitioning can be done in order to use the free space, to install multiple OSes, to format the HDD with multiple file systems etc.
13) LOGICAL FILE SYSTEM:
for Windows - FAT16, FAT32 and NTFS
Linux - ext2 and ext3
################################################################
How to Partition, Format & Mount.
How to create swap partition?
1. To view the partition table
# fdisk -l
2. To create a new partition
# fdisk
Suppose we have created the /dev/hda9 partition.
3. To update the kernel's partition table without rebooting
# partprobe
4. To format the partition with the ext2 or ext3 file system
# mkfs.ext2
# mkfs.ext3
eg.
# mkfs.ext3 /dev/hda9
5. To mount the partition on a mount point (a created directory)
# mount
eg.
# mount /dev/hda9 /linux
MOUNTING : Means creating a link between the physical and logical file system in order to access partitions through a mount point.
6. To unmount the partition
# umount
eg.
# umount /linux
7. To mount the file system permanently
# vi /etc/fstab
/dev/hda9 /linux ext3 defaults 0 0
8. Converting the file system from ext2 -> ext3
# tune2fs -j
eg.
# tune2fs -j /dev/hda9
9. Converting the file system from ext3 -> ext2
# tune2fs -O^has_journal
eg.
# tune2fs -O^has_journal /dev/hda9
10. To assign a label
# e2label
eg.
# e2label /dev/hda9 /songs
11. To view the existing label
# e2label
eg.
# e2label /dev/hda9
/songs
================= SWAP PARTITION ===============
We create a swap partition to support RAM. When RAM is full, the swap partition becomes active.
12. To make a partition a swap partition
# mkswap
13. To enable the swap partition
# swapon /dev/hda9
14. To view the status of the swap partition
# swapon -s
15. To disable the swap partition
# swapoff
#################################################
LVM
1. Logical Volume Manager is the easier way to manage a hard disk, by resizing logical volumes.
2. The LVM2 package is used for kernel 2.6.
3. In the LVM structure there are three levels of organisation :-
physical volume - volume group - logical volume
4. A Linux LVM partition has the code 8e.
5. The physical partitions, i.e. physical volumes, are combined into volume groups, which are then divided into logical volumes.
These logical volumes are assigned mount points and file system types like ext2, ext3.
When "partitions" reach their full capacity, free space from the volume group can be added to the logical volume to increase the size of the partition. When a new hard drive is added to the system, it can be added to the volume group, and partitions that are logical volumes can be increased in size.
#############################################
STEPS TO CONFIGURE LVM :
# Creating Physical Volumes
# Creating Volume Groups
# Creating Logical Volumes and assigning mount points.
# Resizing VG and LVs.
# Removing PV, VG and LVs.
# Monitoring PV, VG and LVs.
######## LOGICAL VOLUME MANAGER CONFIGURATION #######
1)To create the partition.
#fdisk /dev/sda
#partprobe /dev/sda
2)To create the PV (physical volume)
# pvcreate /dev/sda9 /dev/sda10 /dev/sda11
Physical volume "/dev/sda9" successfully created
Physical volume "/dev/sda10" successfully created
Physical volume "/dev/sda11" successfully created
3)To check PV
#pvdisplay
4)To create the VG (volume group)
#vgcreate india /dev/sda9 /dev/sda10 /dev/sda11
Volume group "india" successfully created
5)To check VG
#vgdisplay
6)To create the LV (logical volume).
#lvcreate -L 20m india -n mumbai
#lvcreate -L 20m india -n chennai
#lvcreate -L 20m india -n delhi
7)To check LV.
#lvdisplay
8)To extend the VG.
#fdisk -l
#fdisk /dev/sda
#partprobe /dev/sda
#pvcreate /dev/sda12
Physical volume "/dev/sda12" successfully created
#vgextend india /dev/sda12
Volume group "india" successfully extended
9)To resize the LV.
#lvresize -L +50m /dev/india/mumbai
Rounding up size to full physical extent 52.00 MB
Extending logical volume mumbai to 72.00 MB
Logical volume mumbai successfully resized
10)To check the LV by mounting.
1)To create mount point.
#mkdir /mumbai
#mkdir /chennai
#mkdir /delhi
2)To format the LV.
#mkfs.ext3 /dev/india/mumbai
#mkfs.ext3 /dev/india/chennai
#mkfs.ext3 /dev/india/delhi
3)To mount on mount point.
#mount /dev/india/mumbai /mumbai
#mount /dev/india/chennai /chennai
#mount /dev/india/delhi /delhi
4)To check.
#mount
/dev/mapper/india-mumbai on /mumbai type ext3 (rw)
#umount
11)LV Remove.
#lvremove /dev/india/mumbai
Do you really want to remove active logical volume "mumbai"? [y/n]: y
Logical volume "mumbai" successfully removed
#lvremove /dev/india/chennai
#lvremove /dev/india/delhi
12)VG Remove.
#vgremove india
Volume group "india" successfully removed
13)PV Remove.
#pvremove /dev/sda9 /dev/sda10 /dev/sda11 /dev/sda12
Labels on physical volume "/dev/sda9" successfully wiped
Labels on physical volume "/dev/sda10" successfully wiped
Labels on physical volume "/dev/sda11" successfully wiped
Labels on physical volume "/dev/sda12" successfully wiped
14)To update the logical volume with kernel.
#resize2fs /dev/share/mkt
Yum Configuration
Why to use YUM ? Why not RPM ?
The rpm command-line utility has many functions for working with individual RPM packages. You may use it to manually install and remove packages from your system. If you install software with the rpm utility, you must manually check and install any dependencies. For this reason, pirut and yum are the recommended methods for installing software.
#####################################################
What YUM does ?
Use the yum utility to modify the software on your system in four ways:
· To install new software from package repositories
· To install new software from an individual package file
· To update existing software on your system
· To remove unwanted software from your system
####################################################
/etc/yum.conf <----- Configuration File
/etc/yum.repos.d/ <----- Repository directory
####################################################
How to set up a local YUM repository ?
1. Mount rhel5 DVD
# mount /dev/hdb /mnt
2. Install vsftpd package
# rpm -ivh vsftpd-2.0.5-10.el5* --force --aid
3. Copy complete DVD into /var/ftp/pub directory.
# cd /mnt
# cp -rf * /var/ftp/pub
# mv /var/ftp/pub/Server/repodata /tmp
# mkdir /tmp/VT
# mv /var/ftp/pub/VT/repodata /tmp/VT
4. To Create repomd (xml-rpm-metadata) repository
# cd /mnt
# rpm -ivh createrepo-0.4.4-2.fc6.noarch.rpm --force --aid
# createrepo -g /tmp/repodata/comps-rhel5-server-core.xml /var/ftp/pub/Server
# createrepo -g /tmp/VT/repodata/comps-rhel5-vt.xml /var/ftp/pub/VT
# createrepo /var/ftp/pub/images
5. Start the ftp service
# service vsftpd restart
6. To configure repo file.
# cd /etc/yum.repos.d/
# cp rhel-debuginfo.repo base.repo
7. To configure base.repo file
# vi base.repo
[base]
name=server data
baseurl=ftp://192.168.0.254/pub/Server
gpgcheck=0
8. To create the other two repo files.
# cp base.repo base1.repo
# cp base.repo base2.repo
# vi base1.repo
[base1]
name=server data
baseurl=ftp://192.168.0.254/pub/VT
gpgcheck=0
# vi base2.repo
[base2]
name=server data
baseurl=ftp://192.168.0.254/pub/images
gpgcheck=0
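The repo files above set gpgcheck=0 and fetch over plain FTP, so yum installs whatever the server returns without verifying a package signature. The following added example (not part of the original post) scans .repo files and reports every section with signature checking switched off or a plaintext baseurl; the function names and the second sample file are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: flag yum repo sections that skip signature checks or use plaintext transport.

# audit_repo_files FILE... prints one finding per line
audit_repo_files() {
    awk '
    function report() {
        if (section == "") return
        if (gpg == "0")
            printf "%s [%s] gpgcheck=0 (packages not signature-checked)\n", file, section
        if (url ~ /^(ftp|http):\/\//)
            printf "%s [%s] plaintext baseurl %s\n", file, section, url
    }
    FNR == 1 { report(); section = ""; file = FILENAME }   # new file: close previous section
    /^[ \t]*[#;]/ { next }                                  # comment line
    /^[ \t]*\[/ {                                           # section header such as [base]
        report()
        section = $0; sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
        gpg = ""; url = ""
        next
    }
    {
        line = $0
        eq = index(line, "=")
        if (eq == 0) next
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpg = val
        if (key == "baseurl") url = val
    }
    END { report() }
    ' "$@"
}

# demo_repos writes two sample repo files (the second one is constructed) and prints the directory
demo_repos() {
    d=$(mktemp -d) || return 1
    cat > "$d/base.repo" <<'EOF'
[base]
name=server data
baseurl=ftp://192.168.0.254/pub/Server
gpgcheck=0
EOF
    cat > "$d/signed.repo" <<'EOF'
[signed]
name=server data with signature checking on
baseurl=file:///var/ftp/pub/Server
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
    echo "$d"
}

repos=$(demo_repos)
audit_repo_files "$repos"/*.repo
rm -rf "$repos"
```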
IPTABLES (Firewall)
###################### IPTABLES ########################
*NAT = network address translation.
*PAT = port address translation.
*What is Routing
ANS :- forwarding the packet from one interface to another interface.
Postrouting - After routing, change the source IP address.
To hide the internal network (SNAT).
Prerouting - Before routing, change the destination IP address. (DNAT)
INPUT chain - Configured in the filter table.
Targets --> ACCEPT,DROP,REJECT.
drop - no acknowledgement.
reject - get acknowledgement.
icmp - Internet Control Message Protocol.
#######################################################
1)The command to configure iptables is.
#iptables
           Filter     NAT           Mangle
CHAINS:-   INPUT      PREROUTING    INPUT
           OUTPUT     POSTROUTING   OUTPUT
           FORWARD    OUTPUT        PREROUTING
                                    POSTROUTING
                                    FORWARD
########################################################
1)To apply the rules.
ACCEPT,DROP,REJECT.
-L --> To list
-A --> To append
-p --> Protocol
-j --> To jump
-F --> To flush
2)To check whether the rule is applied or not.
#iptables -L
3)To remove the previous rules.
#iptables -F
4)To remove the rule.
#iptables -D
5)To insert a rule.
#iptables -I
6)To install the rules.
1)To block incoming ping traffic.
#iptables -A INPUT -p icmp -j DROP          (or -j REJECT)
2)To block a particular machine.
#iptables -A INPUT -p icmp -s 10.0.0.1 -j DROP          (or -j REJECT)
3)To allow one machine & block all other traffic.
#iptables -A INPUT -p icmp -s ! 10.0.0.1 -j DROP          (or -j REJECT)
4)To block the http service.
#iptables -A INPUT -p tcp --dport 80 -j DROP          (or -j REJECT)
7)To make the iptables rules permanent.
First set the rules.
#service iptables save
8)To delete the saved rules.
#rm /etc/sysconfig/iptables
9)To remove a rule from the chain.
#iptables -D INPUT 1 -t filter
################### END #########################
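Because -A appends, -I inserts at the top, and the first matching rule decides what happens to a packet, rule order matters as much as the rules themselves. The following added example (not part of the original post) is a simplified model of the INPUT chain that understands only -p, -s with an exact address (either negation form), --dport and -j; it can be used to check what a rule list would do before loading it. The rule lists are constructed from the commands above.

```sh
#!/bin/sh
# Added example: first-match evaluation of a small INPUT rule list (simplified model).

# verdict RULES PROTO SRC [DPORT] -> target applied to the packet, or the chain policy
verdict() {
    printf '%s\n' "$1" | awk -v proto="$2" -v src="$3" -v dport="${4:-}" '
    BEGIN { policy = "ACCEPT" }                      # default policy of a built-in chain
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $2 != "INPUT" { next }
    $1 == "-A" { rule[++n] = $0 }                    # append: goes to the end
    $1 == "-I" {                                     # insert: goes to the top
        for (i = n; i >= 1; i--) rule[i + 1] = rule[i]
        rule[1] = $0; n++
    }
    END {
        for (r = 1; r <= n; r++) {
            k = split(rule[r], f, " ")
            hit = 1; neg = 0; target = ""
            for (i = 3; i <= k; i++) {
                if (f[i] == "!") { neg = 1; continue }          # "! -s addr" form
                if (f[i] == "-j") { target = f[++i]; continue }
                if (f[i] != "-p" && f[i] != "-s" && f[i] != "--dport") continue
                opt = f[i]
                if (f[i + 1] == "!") { neg = 1; i++ }           # old "-s ! addr" form
                val = f[++i]
                m = (opt == "-p") ? (val == proto) : (opt == "-s") ? (val == src) : (val == dport)
                if (neg) m = !m
                neg = 0
                if (!m) hit = 0
            }
            if (hit && target != "") { print target; exit }    # first match wins
        }
        print policy
    }'
}

# Rules from the text: only 10.0.0.1 may ping, and http is rejected.
PAGE_RULES='-A INPUT -p icmp -s ! 10.0.0.1 -j DROP
-A INPUT -p tcp --dport 80 -j REJECT'

# An ACCEPT appended after a broader DROP is never reached.
SHADOWED='-A INPUT -p icmp -j DROP
-A INPUT -p icmp -s 10.0.0.1 -j ACCEPT'

# Inserting the exception with -I puts it ahead of the DROP.
FIXED='-A INPUT -p icmp -j DROP
-I INPUT -p icmp -s 10.0.0.1 -j ACCEPT'

printf 'page rules, ping from 10.0.0.1: %s\n' "$(verdict "$PAGE_RULES" icmp 10.0.0.1)"
printf 'page rules, ping from 10.0.0.9: %s\n' "$(verdict "$PAGE_RULES" icmp 10.0.0.9)"
printf 'appended exception, ping from 10.0.0.1: %s\n' "$(verdict "$SHADOWED" icmp 10.0.0.1)"
printf 'inserted exception, ping from 10.0.0.1: %s\n' "$(verdict "$FIXED" icmp 10.0.0.1)"
```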
NFS Server Configuration
################### NFS ###################################
Requirements
• Packages
portmap-4.0-63.i386.rpm
nfs-utils-1.0.6-46.i386.rpm
• Port Numbers
2049 Nfsd
111 Portmap
• Configuration File
/etc/exports
• Service
portmap
nfs
• Daemons
nfsd
mountd
statd
lockd
1)To install packages.
#rpm -ivh portmap-4.0-63.i386.rpm
#rpm -ivh nfs-utils-lib-devel-1.0.8.i386.rpm
2)to create directory.
# mkdir /share
3)to export directory.
#vim /etc/exports
/share *(rw,sync) -- sync --> synchronisation.
or
/share 10.0.0.0/255.0.0.0(ro,sync)
or
/share 10.0.0.0/255.0.0.0(ro,async)
4)to restart the services.
#service portmap restart
#service nfs restart
5)To check nfs server.
#showmount -e
#showmount -e 10.0.0.1
#####################################################################
Configuring Client
1)Create Mount point on client
#mkdir /nfs
2)Mount remote shared filesystem on local mount point
#mount 10.0.0.1:/share /nfs
#cd /nfs
###################### Advanced Practical #############################
*To share the nfs server for different networks.
1)To assign the virtual IP.
2)Export the directory & assign the permissions.
3)Restart the service.
4)Try to connect from client side.
*To assign the virtual IP.
#netconfig --device eth0:1
10.0.0.2 255.0.0.0
*Restart the service.
#service network restart
*To configure the export file.
#vim /etc/exports
/share 10.0.0.3/8(ro,sync)
/share 10.0.0.0/8(rw,sync)
/reliance 192.168.1.0/24(rw,sync)
*To create the directory.
#mkdir /reliance
#chmod 777 /reliance/
*To restart the service.
# service portmap restart
#service nfs restart
*To check.
#exportfs -rav
############## Client side configuration.##########################
*To check from clientside.
#showmount -e (server IP)
#showmount -e 10.0.0.2
*To create the directory.
#mkdir /mount
*To mount the export directory by server.
#mount 10.0.0.2:/reliance /mount
*The directory should mount, but it is read-only.
###################### END ###############################
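An export such as /share *(rw,sync) gives write access to every host that can reach the server. The following added example (not part of the original post) reads an exports file and flags entries that are writable by any host; it goes slightly beyond the text by also flagging the no_root_squash option, which lets a client's root act as root on the export. The function names and the /backup entry are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: review an NFS exports file for over-broad entries.

# audit_exports FILE prints one finding per risky client entry
audit_exports() {
    awk '
    { sub(/[ \t]*#.*/, "") }                 # drop comments
    NF < 2 { next }                          # blank line, or a path with no client list
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*$/, "", opts)
            }
            if (client == "") client = "*"   # "(rw)" without a host means every host
            padded = "," opts ","
            if (client == "*" && padded ~ /,rw,/)
                printf "%s: writable by any host: %s\n", path, $i
            if (padded ~ /,no_root_squash,/)
                printf "%s: no_root_squash for %s\n", path, client
        }
    }' "$1"
}

# sample_exports writes a sample file built from the entries in the text and prints its path
sample_exports() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
/share *(rw,sync)
/share 10.0.0.3/8(ro,sync)
/reliance 192.168.1.0/24(rw,sync)
/backup 10.0.0.5(rw,sync,no_root_squash)   # constructed entry, not from the text
EOF
    echo "$f"
}

exports=$(sample_exports)
audit_exports "$exports"
rm -f "$exports"
```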
Live DNS Setup
########## LIVE DNS SETUP WITH WEB SERVER ###############
1)Hostname configuration file.
#vim /etc/sysconfig/network
2)To assign hostname temp.
#hostname server1.example.com
3)To install packages.
#rpm -ivh bind* --force --aid
#rpm -ivh caching-nameserver-9.3.3-7.el5.i386.rpm
4)DNS configuration file
#vim /var/named/chroot/etc/named.conf
options {
directory "/var/named";
};
zone "example.com" IN {
type master;
file "example.for";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "example.rev";
};
5)Go into this path.
#cd /var/named/chroot/var/named/
6)Copy the file
#cp localhost.zone example.for
7)Copy the file
#cp named.local example.rev
8)To change the owenership.
#chown named.named example*
9)To configure the file(.for)
#vim example.for
$TTL 86400
@ IN SOA server1.example.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS server1.example.com.
server1 IN A 192.168.0.1
server2 IN A 192.168.0.2
server3 IN A 192.168.0.3 ; windows machine
www IN CNAME server1
10)To configure the file(.rev)
#vim example.rev
$TTL 86400
@ IN SOA server1.example.com. root.server1.example.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS server1.example.com.
1 IN PTR server1.example.com.
2 IN PTR server2.example.com.
11)To configure the file.
#vim /etc/resolv.conf
nameserver 192.168.0.6
12)To restart the service.
#service named restart
13)To check.
#host server1.example.com
server1.example.com has address 192.168.0.6
14)To check.
#host 192.168.0.2
2.0.168.192.in-addr.arpa domain name pointer server2.example.com.
15)client side.
#dig (server name)
#dig -x (ip)
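A forward/reverse consistency check over the two zone files above, as an added example (not part of the original notes). The sample records are the page's own, with each SOA written on one line and the server3 note written as a zone comment; the function names are assumptions.

```shell
#!/bin/sh
# Records from the example.for and example.rev files on this page.
sample_forward() {
cat <<'EOF'
$TTL 86400
@ IN SOA server1.example.com. root ( 42 3H 15M 1W 1D )
 IN NS server1.example.com.
server1 IN A 192.168.0.1
server2 IN A 192.168.0.2
server3 IN A 192.168.0.3 ; windows machine
www IN CNAME server1
EOF
}
sample_reverse() {
cat <<'EOF'
$TTL 86400
@ IN SOA server1.example.com. root.server1.example.com. ( 1997022700 28800 14400 3600000 86400 )
 IN NS server1.example.com.
1 IN PTR server1.example.com.
2 IN PTR server2.example.com.
EOF
}

# check_ptr FORWARD_FILE REVERSE_FILE ORIGIN REVERSE_ZONE
# Prints MISSING-PTR / MISMATCH lines for A records that fall in REVERSE_ZONE.
check_ptr() {
  awk -v origin="$3" -v rev="$4" '
    function fqdn(name, zone) { return (name ~ /\.$/) ? name : name "." zone }
    { sub(/;.*/, "") }                            # drop zone-file comments
    FNR == NR && $2 == "IN" && $3 == "A" {        # first file: forward zone
      split($4, o, ".")
      want[o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa."] = fqdn($1, origin)
    }
    FNR != NR && $2 == "IN" && $3 == "PTR" {      # second file: reverse zone
      have[fqdn($1, rev)] = $4
    }
    END {
      for (k in want) {
        if (index(k, "." rev) == 0) continue      # address outside this zone
        if (!(k in have)) {
          print "MISSING-PTR " want[k] " " k
        } else if (have[k] != want[k]) {
          print "MISMATCH " k " " have[k] " != " want[k]
        }
      }
    }' "$1" "$2" | LC_ALL=C sort
}

# Writes the sample zones to a temporary directory and checks them.
run_sample_check() {
  d=$(mktemp -d)
  sample_forward > "$d/example.for"; sample_reverse > "$d/example.rev"
  check_ptr "$d/example.for" "$d/example.rev" example.com. 0.168.192.in-addr.arpa.
  rm -rf "$d"
}

run_sample_check
```

With the page's records this reports that server3 (192.168.0.3) has an A record but no PTR in example.rev.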
############### WEB SERVER CONFIGURATION ####################
1)Machine name.
#hostname server1.example.com
#vim /etc/sysconfig/network
HOSTNAME=server1.example.com
2)Machine IP.
192.168.0.1
3)To install package.
#rpm -ivh httpd* --force
4)Open the configuration file.
#vim /etc/httpd/conf/httpd.conf
LINE NO-250
ServerAdmin root@server1.example.com
LINE NO-264
ServerName www.example.com:80
LINE NO-280
DocumentRoot "/var/www/html"
LINE NO-305
LINE NO-390
DirectoryIndex index.html index.html.var
5)To create an HTML file.
#vim /var/www/html/index.html
6)To restart the service.
#service httpd restart
7)To open the file.
# vim /etc/hosts
192.168.0.253 www.example.com
8)To check the page.
Open Firefox & check.
###############################################################
From the Windows client machine.
Machine Name --> server3
My network place --> Property --> Tcp/IP --> Property --> DNS 192.168.0.2
##################### END #####################################
Mail Server Configuration
############## To configure sendmail.##############
1)To assign the hostname.
mail.example.com
2)To configure the DNS master server.
#rpm -ivh bind* --force
3)Open the configuration file.
#vim /var/named/chroot/etc/named.conf
options {
directory "/var/named";
};
zone "example.com"{
type master;
file "example.for";
};
4)Copy the file
#cp /usr/share/doc/bind-9.3.3/sample/var/named/localdomain.zone /var/named/chroot/var/named/example.for
5)To open the file.
#vim /var/named/chroot/var/named/example.for
$TTL 86400
@ IN SOA mail.example.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS mail.example.com.
IN MX 14 mail.example.com.
mail IN A 10.0.0.1
6)To restart the service.
# service named restart
7)To check.
#dig mail.example.com
#dig -t MX example.com
################# To configure sendmail.################
1)To install the package.
#rpm -ivh sendmail* m4* --force
2)To open the configuration file.
#vim /etc/mail/sendmail.mc
LINE NO-116
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Comment out this line as shown, so that sendmail no longer listens only on 127.0.0.1.
LINE NO-155
LOCAL_DOMAIN(`mail.example.com')dnl
3)To compile the sendmail.mc file.
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
4)To restart the service.
#service sendmail restart
5)To open the /etc/hosts file
#vim /etc/hosts
127.0.0.1 localhost.localdomain localhost mail.example.com mail
The mail server configuration is over.
6)To create users.
#useradd u1
#useradd u2
#useradd u3
#passwd u1
#passwd u2
#passwd u3
*SquirrelMail configuration.
1)To install the packages.
squirrelmail*
dovecot*
curl*
php*
perl*
cyrus*
httpd*
2)Start the following services.
# service httpd start
#service dovecot start
#service cyrus-imapd start
#service saslauthd start
Client side configuration (10.0.0.1 is the webmail server IP).
#vim /etc/resolv.conf
nameserver 10.0.0.1
User & Group Administration
########## USER, GROUP ADMINISTRATION. ##########
*Unix/Linux is a multi-user and multitasking OS.
*Scheme :-
# A user is always created with a primary group
# One primary group per user
*When a user is created in Linux, it gets :--
--> home directory ( /home/username)
--> mail account (/var/spool/mail/username)
--> unique UID & GID
*Types of Users.
System Users--> 0 — 499
Normal Users--> 500 — 60,000
User and Group Administration Database Files.
#/etc/passwd
root:x:0:0:root:/root:/bin/bash
u1:x:500:500::/home/u1:/bin/bash
#vim /etc/passwd
u1:x:500:500:prog:/home/u1:/bin/bash
| | | | | | |
1 2 3 4 5 6 7
Description : -
1. First field : - Login name of the User
2. Second field : - Encrypted password
Note: If shadowing is enabled, this field always shows
"x", which means the password is stored in the /etc/shadow file
3. Third field : - User id which is unique to every user
4. Fourth field : - Group id which is unique to every group
5. Fifth field : - Comments i.e. user related info like Full Name, Office Add.,Off. No., Home No.
6. Sixth field : - Home directory
7. Seventh field : - Login shell
################################################################
#/etc/shadow
root:$1$d.MWHOEJ$zeLZ2sfTBhNVVWxzpwoAv/:14281:0:99999:7:::
u1:$1$SIOUwX2W$VO/QJmvEp13mlZ9E5B/EP1:14285:0:99999:7:::
#vim /etc/shadow
u1: hjkadfhs8974uyh5jrt/ :13536:0:99999:7: : :
| | | | | | | | |
1 2 3 4 5 6 7 8 9
Description : -
1. First field : - Login name of the User.
2. Second field : - Encrypted password.
3. Third field : - Number of days since January 1 1970, when the password was last changed.
4. Fourth field : - Minimum number of days gap before a password can be changed again.
5. Fifth field : - Maximum number of days for the validity of a password.
6. Sixth field : - Warning for password expiry to be given before the stipulated number of days.
7. Seventh field : - Number of days after the expiration of password that the account should be disabled.
8. Eighth field : - Date on which the account is disabled, as the number of days since 1 January 1970.
9. Ninth field : - Reserved field.
###############################################################
#/etc/group
root:x:0:root
u1:x:500:
/etc/group
u1:x:500:sachin,tom
| | | |
1 2 3 4
Description :-
1. Group Name
2. Shadow passwd
3. GID
4. Group members
###################### NEW USERS ###############################
*To create new users.
1)To set the UID.
#useradd -u 501 u1
#passwd u1
2)To set the primary group.
#useradd -g 501 u2
#passwd u2
*If we set or override the group ID, that group must already exist.
3)To override (allow a non-unique UID).
#useradd -u 700 -o lax
#usermod -u 700 -o u3
4)To set the secondary group.
#useradd -G 700 lax2
#usermod -G 700 lax3
5)To insert the comment.
#useradd -c "pranay" u4
#usermod -c "vijay" u3
6)To change the home directory.
#useradd -d /vikas u4
#usermod -d /vikas u3
7)To change the shell.
#useradd -s /bin/csh u1
#passwd u1
To check.
#tail /etc/passwd
u1:x:561:562::/home/u1:/bin/csh
##################### MODIFY USERS #############################
To modify the existing users by "usermod" command.
1)To modify the user login name.
#usermod -l vikas u1
(N.N) (O.N)
N.N- new name.
O.N- old name.
To check.
# tail /etc/passwd
vikas:x:561:562::/home/u1:/bin/csh
2)To lock the account.
#usermod -L u1
3)To unlock the account.
#usermod -U u1
4)To change the comments.
#usermod -c "laxman" u1
#tail /etc/passwd
u1:x:561:562:laxman:/home/u1:/bin/csh
5)To modify the shell.
#usermod -s /bin/bash u1
#tail /etc/passwd
u1:x:561:562:laxman:/home/u1:/bin/bash
6)To change the UID.
#usermod -u 600 u1
#tail /etc/passwd
u1:x:600:562:laxman:/home/u1:/bin/bash
7)To change the GID to another existing user's GID.
#usermod -g 560 u1
#tail /etc/passwd
raj:x:560:560::/home/raj:/bin/bash
u1:x:600:560:laxman:/home/u1:/bin/bash
8)To change the home directory.
#usermod -d /home/u1 u2
#tail /etc/passwd
Before modifying the home directory.
u2:x:601:601::/home/u2:/bin/bash
After modifying the home directory.
u2:x:601:601::/home/u1:/bin/bash
################### TO DELETE A USER ##############################
To delete the user without the home directory.
#userdel u1
To delete the user with the home directory.
#userdel -r u1
-r --> recursively.
##################################################################
*To change a user's password aging settings.
#chage u3
Changing the aging information for u3
Enter the new value, or press ENTER for the default
Minimum Password Age [0]:
Maximum Password Age [99999]:
Last Password Change (YYYY-MM-DD) [2009-02-09]:
Password Expiration Warning [7]:
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
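An audit over the /etc/passwd and /etc/shadow field layouts described above, as an added example (not part of the original notes). It reports extra UID 0 logins, UIDs shared through -o, password fields that are not "x", empty passwords, MD5-crypt ($1$) hashes and hashed passwords with no maximum age. The sample data is constructed and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample data (not from a real host); hash bodies are placeholders.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
u1:x:500:500::/home/u1:/bin/bash
u2::501:501::/home/u2:/bin/bash
lax:x:700:700::/home/lax:/bin/bash
u3:x:700:700:vijay:/vikas:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
}
sample_shadow() {
cat <<'EOF'
root:$6$SALT$PLACEHOLDER:14281:0:90:7:::
u1:$1$SALT$PLACEHOLDER:14285:0:99999:7:::
u2::14285:0:99999:7:::
lax:$6$SALT$PLACEHOLDER:14285:0:60:7:::
u3:!$1$SALT$PLACEHOLDER:14285:0:99999:7:::
toor:*:14285:0:99999:7:::
EOF
}

# /etc/passwd on stdin: extra UID 0 accounts, a password field that is not "x",
# and UIDs shared by several logins (what useradd/usermod -o permits).
audit_passwd() {
  awk -F: '
    $3 == 0 && $1 != "root" { print "UID0 " $1 }
    $2 != "x"               { print "NOT-SHADOWED " $1 }
    { names[$3] = names[$3] (count[$3]++ ? "," : "") $1 }
    END { for (u in count) if (count[u] > 1) print "DUPUID " u " " names[u] }
  ' | LC_ALL=C sort
}

# /etc/shadow on stdin: empty password, MD5-crypt ($1$) hashes, and hashed
# passwords whose maximum age (field 5) is unset or 99999.
audit_shadow() {
  awk -F: '
    { hash = $2; locked = sub(/^!+/, "", hash) }   # usermod -L prefixes "!"
    hash == "" && !locked { print "EMPTY-PASSWORD " $1 }
    hash ~ /^\$1\$/       { print "MD5-CRYPT " $1 " " (locked ? "locked" : "active") }
    hash ~ /^\$/ && ($5 == "" || $5 >= 99999) { print "NO-EXPIRY " $1 }
  ' | LC_ALL=C sort
}

sample_passwd | audit_passwd
sample_shadow | audit_shadow
```

On a real host, run as root: `audit_passwd < /etc/passwd` and `audit_shadow < /etc/shadow`.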
############### GROUP ADMINISTRATION ########################
1)To create a group.
#groupadd sales
2)To set the GID on a new group.
#groupadd -g 700 mkt
3)To check.
#tail /etc/group
sales:x:602:
mkt:x:700:
4)To override (allow a non-unique GID).
#groupadd -g 800 -o admin
#tail /etc/group
sales:x:602:
mkt:x:700:
admin:x:800:
*To modify the group.
1)To modify the existing group.
#groupmod -g 610 sales
#tail /etc/group
Before.
sales:x:602:
After.
sales:x:610:
2)To change the groupname.
#groupmod -n marketing mkt
(N.N) (O.N)
#tail /etc/group
Before.
mkt:x:710:
After.
marketing:x:710:
3)To add user into group.
Add single user.
#gpasswd -a u3 admin
Adding user u3 to group admin
Add multiple users.
#gpasswd -M u4,u5 admin
To check.
#tail /etc/group
admin:x:800:u4,u5,u3
To delete a user from the group.
#gpasswd -d u3 admin
Removing user u3 from group admin
You have new mail in /var/spool/mail/root
#tail /etc/group
admin:x:800:u4,u5
*To delete a group.
# groupdel sales
################## END #########################