Monday, January 23, 2012

How to View, Modify and Recreate initrd.img


Question: How do I view, modify and recreate the new initrd.img on Ubuntu, Debian, CentOS, Fedora, Red-Hat, Arch Linux, or SUSE distributions?

1. How To View Content Of initrd.img file?

initrd.img is a gzip-compressed file, so first rename initrd.img to initrd.gz as shown below.
# cp /tftpboot/el5/initrd.img  .

# ls
cdrom   initrd.img

# mv initrd.img initrd.gz
Unzip the initrd.gz file as shown below.
# gunzip initrd.gz

# ls
cdrom  initrd
After unzipping the initrd.gz file, the resulting initrd is a cpio archive in ‘newc’ format. Extract the files from initrd using cpio as shown below.
Note: info cpio will give more information about ‘newc’ format.
# mkdir tmp2

# cd tmp2/

# cpio -id < ../initrd
16524 blocks
Now you can view the content of initrd.img file
# ls
bin  dev  etc  init  modules proc  sbin  selinux  sys  tmp  var

2. How To Modify Content of Image and Recreate New Image?

After extracting the files as shown above, make the appropriate modifications to any of those files. Then pack the modified files back into an archive in cpio ‘newc’ format using the following commands.
# find . | cpio --create --format='newc' > /tmp/newinitrd
16524 blocks

# ls /tmp/
cdrom  initrd  newinitrd  tmp2

# ls -l /tmp/newinitrd
-rw-r--r-- 1 root root 8460288 Jul  2 14:50 /tmp/newinitrd
Gzip the archive file.
# gzip newinitrd

# ls
cdrom  initrd  newinitrd.gz  tmp2

# ls -l newinitrd.gz
-rw-r--r--  1 root root 6649867 Jul  2 14:50 newinitrd.gz
Rename the file so it has the image file extension. You can use newinitrd.img as your new boot image.
# mv newinitrd.gz newinitrd.img

# ls -l newinitrd.img
-rw-r--r-- 1 root root 6649867 Jul  2 14:50 newinitrd.img

Unix Stat Command: How To Identify File Attributes


Question: How do I find out all the available file attributes? That is, I would like to know more about a file or directory than what the ls -l command displays.
Answer: Everything in Unix is treated as a file. This includes devices, directories and sockets; all of these are files. The stat command displays file or filesystem status as explained in this article.

File Stat – Display Information About File

For example, to find out more information about the 101hacks.txt file, execute the stat command as shown below.
$ stat 101hacks.txt
  File: `/home/sathiyamoorthy/101hacks.txt'
  Size: 854        Blocks: 8          IO Block: 4096   regular file
Device: 801h/2049d Inode: 1058122     Links: 1
Access: (0600/-rw-------)  Uid: ( 1000/ sathiya)   Gid: ( 1000/ sathiya)
Access: 2009-06-28 19:29:57.000000000 +0530
Modify: 2009-06-28 19:29:57.000000000 +0530
Change: 2009-06-28 19:29:57.000000000 +0530

Details of Linux Stat Command Output

  • File: `/home/sathiyamoorthy/101hacks.txt' – Absolute path name of the file.
  • Size: 854 – File size in bytes.
  • Blocks: 8 – Total number of blocks used by this file.
  • IO Block: 4096 – IO block size for this file.
  • regular file – Indicates the file type; here, a regular file. The following file types are available.
    • regular file. ( ex: all normal files ).
    • directory. ( ex: directories ).
    • socket. ( ex: sockets ).
    • symbolic link. ( ex: symbolic links. )
    • block special file ( ex: hard disk ).
    • character special file. ( ex: terminal device file ).
  • Device: 801h/2049d  – Device number in hex and device number in decimal
  • Inode: 1058122 – Inode number is a unique number for each file which is used for the internal maintenance by the file system.
  • Links: 1 – Number of links to the file
  • Access: (0600/-rw-------) – Access specifier displayed in both octal and character format. Both formats are explained below.
  • Uid: ( 1000/ sathiya) – File owner’s user id and user name are displayed.
  • Gid: ( 1000/ sathiya) – File owner’s group id and group name are displayed.
  • Access: 2009-06-28 19:29:57.000000000 +0530 – Last access time of the file.
  • Modify: 2009-06-28 19:29:57.000000000 +0530 – Last modification time of the file.
  • Change: 2009-06-28 19:29:57.000000000 +0530 – Last change time of the inode data of that file.

Dir Stat – Display Information About Directory

You can use the same command to display the information about a directory as shown below.
$ stat /home/ramesh
File: `/home/ramesh'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 803h/2051d Inode: 5521409 Links: 7
Access: (0755/drwxr-xr-x) Uid: ( 401/ramesh) Gid: ( 401/ramesh)
Access: 2009-01-01 12:17:42.000000000 -0800
Modify: 2009-01-01 12:07:33.000000000 -0800
Change: 2009-01-09 12:07:33.000000000 -0800

Details of File Permission:

File Permission In Octal Format

This information about the file is displayed in the Access field when you execute the stat command. The following are the values for read, write and execute permission in Unix.
  • 4 – Read Permission
  • 2 – Write Permission
  • 1 – Execute Permission

File Permission In Character Format

This information about the file is displayed in the Access field when you execute stat command.
  • File Type: The first character of the field indicates the type of the file.
  • User Permission: 2nd, 3rd and 4th character specifies the read, write and execute permission of the user.
  • Group Permission: 5th, 6th and 7th character specifies the read, write and execute permission of the group.
  • Others Permission: 8th, 9th and 10th character specifies the read, write and execute permission of the others.
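
The two notations describe the same bits, which the following added example (not from the original article) makes concrete by converting the octal half of the Access field into the character half and checking a stat line for agreement. It goes beyond the 4/2/1 values listed above by also rendering a leading setuid, setgid or sticky digit; the function names are made up for illustration.

```shell
#!/bin/sh
# triplet DIGIT SPECIAL LETTER: render one octal digit as three characters.
# SPECIAL is 1 when setuid, setgid or sticky applies to this triplet; LETTER is
# the character shown for it (s or t, upper case when execute is not set).
triplet() {
    r=-; w=-; x=-
    if [ $(($1 & 4)) -ne 0 ]; then r=r; fi
    if [ $(($1 & 2)) -ne 0 ]; then w=w; fi
    if [ $(($1 & 1)) -ne 0 ]; then x=x; fi
    if [ "$2" -ne 0 ]; then
        if [ "$x" = x ]; then x=$3; else x=$(printf '%s' "$3" | tr st ST); fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_string MODE: print the nine permission characters for a 3- or
# 4-digit octal mode; fail on anything else.
mode_to_string() {
    mode=$1
    case $mode in ''|*[!0-7]*) return 1 ;; esac
    case ${#mode} in 3) mode=0$mode ;; 4) ;; *) return 1 ;; esac
    special=${mode%???}; rest=${mode#?}
    u=${rest%??}; g=${rest#?}; g=${g%?}; o=${rest#??}
    triplet "$u" $(( ($special & 4) != 0 )) s
    triplet "$g" $(( ($special & 2) != 0 )) s
    triplet "$o" $(( ($special & 1) != 0 )) t
}

# access_line_ok LINE: succeed when both halves of a stat
# "Access: (octal/characters)" line describe the same permissions.
access_line_ok() {
    re='^Access: (\([0-7]*\)/.\(.........\)).*'
    octal=$(printf '%s\n' "$1" | sed -n "s|$re|\1|p")
    chars=$(printf '%s\n' "$1" | sed -n "s|$re|\2|p")
    if [ -z "$octal" ]; then return 1; fi
    [ "$(mode_to_string "$octal")" = "$chars" ]
}

# Demo on modes taken from the stat output above plus two special-bit cases.
for m in 0600 0755 4755 1777; do
    printf '%s -> %s\n' "$m" "$(mode_to_string "$m")"
done
```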

Display Information About File System

You can also use stat command to display the file system information as shown below.
$ stat -f /
  File: "/"
    ID: 0        Namelen: 255     Type: ext2/ext3
Blocks: Total: 2579457    Free: 1991450    Available: 1860421    Size: 4096
Inodes: Total: 1310720    Free: 1215875

How To Generate SSL Key, CSR and Self Signed Certificate For Apache


If you want to convert your website from HTTP to HTTPS, you need to get an SSL certificate from a valid organization like Verisign or Thawte. You can also generate a self-signed SSL certificate for testing purposes.

In this article, let us review how to generate a private key file (server.key), a certificate signing request file (server.csr) and a web server certificate file (server.crt) that can be used on an Apache server with mod_ssl.

Key, CSR and CRT File Naming Convention

I typically like to name the files with the domain name of the HTTPS URL that will be using this certificate. This makes it easier to identify and maintain.
  • Instead of server.key, I use www.sureshkumarpakalapati.in.key
  • Instead of server.csr, I use www.sureshkumarpakalapati.in.csr
  • Instead of server.crt, I use www.sureshkumarpakalapati.in.crt

1. Generate Private Key on the Server Running Apache + mod_ssl

First, generate a private key on the Linux server that runs the Apache web server using the openssl command as shown below.
# openssl genrsa -des3 -out www.sureshkumarpakalapati.in.key 1024
Generating RSA private key, 1024 bit long modulus
.......................................++++++
...................................................++++++
e is 65537 (0x10001)
Enter pass phrase for www.sureshkumarpakalapati.in.key:
Verifying - Enter pass phrase for www.sureshkumarpakalapati.in.key:

# ls -ltr www.sureshkumarpakalapati.in.*
-rw-r--r-- 1 root root   963 Jun 13 20:26 www.sureshkumarpakalapati.in.key
The generated private key looks like the following.
# cat www.sureshkumarpakalapati.in.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,485B3C6371C9916E

ymehJu/RowzrclMcixAyxdbfzQphfUAk9oK9kK2
jadfoiyqthakLKNqw9z1MoaqkPyqeHevUm26no
AJKIETHKJADFS2BGb0n61/Ksk8isp7evLM4+QY
KAQETKjdiahteksMJOjXLq+vf5Ra299fZPON7yr
-----END RSA PRIVATE KEY-----

2. Generate a Certificate Signing Request (CSR)

Using the key generated above, generate a certificate request file (CSR) using openssl as shown below.
# openssl req -new -key www.sureshkumarpakalapati.in.key -out www.sureshkumarpakalapati.in.csr
Enter pass phrase for www.sureshkumarpakalapati.in.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:California
Locality Name (eg, city) [Newbury]:Los Angeles
Organization Name (eg, company) [My Company Ltd]:The Suresg Stuff
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []: sureshkumarpakalapati
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# ls -ltr www.sureshkumarpakalapati.*
-rw-r--r-- 1 root root   963 Jun 13 20:26 www.sureshkumarpakalapati.in.key
-rw-r--r-- 1 root root   664 Jun 13 20:35 www.sureshkumarpakalapati.in.csr

3. Generate a Self-Signed SSL Certificate

For testing purposes, you can generate a self-signed SSL certificate that is valid for 1 year using the openssl command as shown below.
# openssl x509 -req -days 365 -in www.sureshkumarpakalapati.in.csr -signkey www.sureshkumarpakalapati.in.key -out www.sureshkumarpakalapati.in.crt
Signature ok
subject=/C=US/ST=California/L=Los Angeles/O=sureshkumarpakalapati/OU=IT/CN=www.sureshkumarpakalapati.in
Getting Private key
Enter pass phrase for www.sureshkumarpakalapati.in.key:

# ls -l www.sureshkumarpakalapati*
-rw-r--r-- 1 root root   963 Jun 13 20:26 www.sureshkumarpakalapati.in.key
-rw-r--r-- 1 root root   664 Jun 13 20:35 www.sureshkumarpakalapati.in.csr
-rw-r--r-- 1 root root   879 Jun 13 20:43 www.sureshkumarpakalapati.in.crt

# cat www.sureshkumarpakalapati.in.crt
-----BEGIN CERTIFICATE-----
haidfshoaihsdfAKDJFAISHTEIHkjasdjadf9w0BAQUFADCB
kjadfijadfhWQIOUQERUNcMNasdkjfakljasdBgEFBQcDAQ
kjdghkjhfortoieriqqeurNZXCVMNCMN.MCNaGF3dGUuY29
-----END CERTIFICATE-----

You can use this method to generate Apache SSL Key, CSR and CRT file in most of the Linux, Unix systems including Ubuntu, Debian, CentOS, Fedora and Red Hat.
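
The three steps above, run unattended and then checked, as an added example that is not part of the original article. It confirms that the key, the CSR and the certificate all carry the same public key and that the key file is readable by its owner only. It assumes the openssl command line tool and GNU stat, uses a 2048-bit key without a pass phrase (so no prompt appears) instead of the 1024-bit key shown above, and the host name www.example.test and the function names are placeholders.

```shell
#!/bin/sh
# make_test_cert DIR HOST: create HOST.key, HOST.csr and HOST.crt in DIR.
make_test_cert() {
    dir=$1; host=$2
    (
        umask 077   # everything created here is owner-only
        openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null &&
        openssl req -new -key "$dir/$host.key" \
            -subj "/C=US/ST=California/L=Los Angeles/OU=IT/CN=$host" \
            -out "$dir/$host.csr" &&
        openssl x509 -req -days 365 -in "$dir/$host.csr" \
            -signkey "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
    )
}

# same_public_key KEY CSR CRT: succeed when all three hold the same public key.
# Returns 2 when one of the files cannot be parsed.
same_public_key() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_csr=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    from_crt=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_csr" ] && [ "$from_key" = "$from_crt" ]
}

# key_is_private KEY: succeed when group and others have no access to KEY.
key_is_private() {
    case $(stat -c %a "$1") in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Demo in a throwaway directory.
demo=$(mktemp -d)
if make_test_cert "$demo" www.example.test &&
   same_public_key "$demo/www.example.test.key" "$demo/www.example.test.csr" \
                   "$demo/www.example.test.crt" &&
   key_is_private "$demo/www.example.test.key"; then
    echo "key, CSR and certificate match; key is owner-only"
fi
rm -rf "$demo"
```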

4. Get a Valid Trial SSL Certificate (Optional)

Instead of signing it yourself, you can also generate a valid trial SSL certificate from Thawte, i.e. before spending money on purchasing a certificate, you can get a valid, fully functional 21-day trial SSL certificate from Thawte. Once this valid certificate works, you can decide to purchase it from Thawte or any other SSL signing organization.

This step is optional and not really required. For testing purpose, you can always use the self-signed certificate that was generated from the above step.

Go to the Thawte trial certificate request page and do the following:
  • Select “SSL Web Server Certificate (All servers)” under the “select your trial certificate”.
  • Do not check the PKCS #7 check-box under the “configure certificate”
  • Copy/Paste the *.csr file that you generated above in the textbox under “certificate signing request (CSR)”
  • Click on next at the bottom, which will give you a 21-day free trial certificate.

Copy/Paste the trial certificate to the www.sureshkumarpakalapati.in.crt file as shown below.
# cat www.sureshkumarpakalapati.in.crt
-----BEGIN CERTIFICATE-----
haidfshoaihsdfAKDJFAISHTEIHkjasdjadf9w0BAQUFADCB
kjadfijadfhWQIOUQERUNcMNasdkjfakljasdBgEFBQcDAQ
kjdghkjhfortoieriqqeurNZXCVMNCMN.MCNaGF3dGUuY29
-----END CERTIFICATE-----

How To Identify Major and Minor Number For Block Devices in Unix


Question: How do I find out the major and minor number of my block device / partition / mount points / SAN disk / filesystem?

Why do you need to know major and minor device number?

Sometimes you may need to know the major and minor numbers of devices for various reasons. For example, the sar utility reports the I/O data of filesystems in the format devm-n as shown below (m is the major number and n is the minor number).

From the sar man page, the following is the meaning of the DEV column shown below:
-d     Report activity for each block device (kernels  2.4  and  newer
       only).  When data is displayed, the device specification dev m-
       n is generally used ( DEV column).  m is the  major  number  of
       the  device.   With  recent  kernels (post 2.5), n is the minor
       number of the device, but is only a sequence  number  with  pre
       2.5 kernels.

By looking at the sar output below, we cannot tell what mount point (filesystem) dev110-1 indicates. In this case, you know that this device represents a block device that has a major number 110 and minor number 1.
$ sar -d
Linux 2.6.9-67.0.0.0.1.ELsmp (webserver)        06/21/2009

12:00:00 AM    DEV              tps    rd_sec/s  wr_sec/s
12:02:00 AM    dev110-1        6.00      0.00      6.00
12:02:00 AM    dev8-1           1.00      1.00      0.00
12:02:00 AM    dev1-1           2.00      1.00      1.00
12:02:00 AM    dev1-2           1.00      0.00      1.00
12:02:00 AM    dev1-3           4.00      2.00      2.00
12:02:00 AM    dev1-4           5.00      3.00      2.00

df -k will not display major and minor number

In the following example, when you perform a df -k, it shows that you have a local SCSI hard drive partition (/dev/sda1) mounted as / (root) and a SAN device partition (/dev/sandevice1) mounted as /home/mysql. Please note that the SAN device can be an EMC, NetApp or any other kind of SAN storage.
$ df -k
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda1             10317828   2353828   7439884  25% /
/dev/sandevice1   50537528  22350656  25619688  47% /home/mysql

How to identify major and minor device number?

Now, if you want to know the major and minor number of these devices, cd to the /dev directory and do ls -l as shown below, which will show both the major and minor number.
$ cd /dev

$ ls -l sd*
brw-rw----  1 root disk 8,  0 Feb  8  2008 sda
brw-rw----  1 root disk 8,  1 Feb  8  2008 sda1

[Note: Major for /dev/sda1 is 8 and minor is 1]

$ ls -l san*
brw-------  1 root root 110,  0 Feb 8 sandevice
brw-------  1 root root 110,  1 Feb 8 sandevice1

[Note: Major for /dev/sandevice1 is 110 and minor is 1]
  • sda1 – Major number is 8 and Minor number is 1
  • sandevice1 – Major number is 110 and Minor number is 1

With this information now you can identify the corresponding device that is reported in the sar -d output.
$ sar -d
Linux 2.6.9-67.0.0.0.1.ELsmp (webserver)        06/21/2009

12:00:00 AM    DEV              tps    rd_sec/s  wr_sec/s
12:02:00 AM    dev110-1        6.00      0.00      6.00
12:02:00 AM    dev8-1           1.00      1.00      0.00

[Note: Now, we know dev110-1 is /dev/sandevice1 and
                    dev8-1 is /dev/sda1 ]
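
The lookup done by eye above can be scripted. This added example (not from the original article) appends the device name to every devM-N line of sar -d output using a saved ls -l listing, and also reads the numbers of a single device node with stat. It assumes GNU stat, whose %t and %T print the major and minor numbers in hex; the function names are made up, and /dev/null is used in the demo only because it exists on every Linux system.

```shell
#!/bin/sh
# annotate_sar LISTING: read `sar -d` output on stdin and append the device
# name to each devM-N line, using an `ls -l` listing of /dev saved in LISTING.
annotate_sar() {
    awk '
        # First file: the ls -l listing. Block devices start with "b"; the
        # major number is field 5 (with a trailing comma), the minor field 6.
        NR == FNR {
            if ($1 ~ /^b/) {
                major = $5
                sub(/,$/, "", major)
                name[major "-" $6] = "/dev/" $NF
            }
            next
        }
        # Standard input: sar lines. Look for the devM-N token.
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dev[0-9]+-[0-9]+$/) {
                    key = substr($i, 4)
                    $0 = $0 "  " ((key in name) ? name[key] : "(unknown)")
                    break
                }
            print
        }
    ' "$1" -
}

# devnum_of NODE: print MAJOR-MINOR (decimal) of a device special file.
devnum_of() {
    hex=$(stat -c '%t %T' "$1") || return 1
    printf '%d-%d\n' "0x${hex% *}" "0x${hex#* }"
}

# Demo: the listing and sar lines below are copied from the output above.
listing=$(mktemp)
cat > "$listing" <<'EOF'
brw-rw----  1 root disk 8,  1 Feb  8  2008 sda1
brw-------  1 root root 110,  1 Feb 8 sandevice1
EOF
printf '%s\n' '12:02:00 AM    dev110-1        6.00      0.00      6.00' \
              '12:02:00 AM    dev8-1           1.00      1.00      0.00' |
    annotate_sar "$listing"
rm -f "$listing"
echo "/dev/null is dev$(devnum_of /dev/null)"
```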

Major number for SCSI and IDE drives

The major numbers for SCSI and IDE do not change and have the following hard-coded values.
  • SCSI (/dev/sd?) Major Number is 8
  • IDE (/dev/hd?) Major Number is 3

The Ultimate Guide to Create Users in Linux / Unix


Creating users in a Linux or Unix system is a routine task for system administrators.

Sometimes you may create a single user with default configuration, or create a single user with custom configuration, or create several users at same time using some bulk user creation method.

In this article, let us review how to create Linux users in 4 different methods using useradd, adduser and newusers command with practical examples.

Method 1: Linux useradd Command — Create User With Default Configurations

This is a fundamental low-level tool for user creation. To create a user with the default configuration, use useradd as shown below.
Syntax: # useradd LOGIN-NAME

When a user is created this way, all the default options are used except the group id. To view the default options, run the following command with the -D option.
$ useradd -D
GROUP=1001
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/sh
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no
  • GROUP: This is the only option which will not be taken as default. If you don’t specify the -n option, a group with the same name as the user will be created and the user will be added to that group. To avoid that and make the user a member of the default group, you need to give the -n option.
  • HOME: This is the default path prefix for the home directory. The home directory will be created as /home/USERNAME.
  • INACTIVE: -1 by default, which disables the feature of disabling the account once the user password has expired. To change this behavior, give a positive number: the user account will be disabled that many days after the password expires.
  • EXPIRE: The date on which the user account will be disabled.
  • SHELL: The user’s login shell.
  • SKEL: Contents of the skel directory will be copied to the user’s home directory.
  • CREATE_MAIL_SPOOL: Depending on the value, the mail spool is created or not created.

Example 1: Creating user with all the default options, and with his own group.

Following example creates user ramesh with group ramesh. Use Linux passwd command to change the password for the user immediately after user creation.
# useradd ramesh

# passwd ramesh
Changing password for user ramesh.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

# grep ramesh /etc/passwd
ramesh:x:500:500::/home/ramesh:/bin/bash

# grep ramesh /etc/group
ramesh:x:500:
[Note: default useradd command created ramesh as username and group]

Example 2: Creating a user with all the default options, and with the default group.

# useradd -n sathiya

# grep sathiya /etc/passwd
sathiya:x:511:100::/home/sathiya:/bin/bash

# grep sathiya /etc/group
[Note: No rows returned, as group sathiya was not created]

# grep 100 /etc/group
users:x:100:
[Note: useradd -n command created user sathiya with default group id 100]

# passwd sathiya
Changing password for user sathiya.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[Note: Always set the password immediately after user creation]

Example 3: Editing the default options used by useradd.

The following example shows how to change the default shell from /bin/bash to /bin/ksh during user creation.
Syntax: # useradd -D --shell=

# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
[Note: The default shell is /bin/bash]

# useradd -D -s /bin/ksh

# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/ksh
SKEL=/etc/skel
[Note: Now the default shell changed to /bin/ksh]

# adduser priya

# grep priya /etc/passwd
priya:x:512:512::/home/priya:/bin/ksh
[Note: New users are getting created with /bin/ksh]

# useradd -D -s /bin/bash
[Note: Set it back to /bin/bash, as the above is only for testing purpose]

Method 2: Linux useradd Command — Create Users With Custom Configurations

Instead of accepting the default values (for example, group, shell etc.) that are given by the useradd command as shown in the above method, you can specify custom values on the command line as parameters to the useradd command.
Syntax: # useradd -s SHELL -m -d HomeDir -g Group UserName
  • -s SHELL : Login shell for the user.
  • -m : Create user’s home directory if it does not exist.
  • -d HomeDir : Home directory of the user.
  • -g Group : Group name or number of the user.
  • UserName : Login id of the user.

Example 4: Create Linux User with Custom Configurations Using useradd Command

The following example creates an account (lebron) with home directory /home/king, default shell as /bin/csh and with comment “LeBron James”.
# useradd -s /bin/csh -m -d /home/king -c "LeBron James" -g root lebron 

# grep lebron /etc/passwd
lebron:x:513:0:LeBron James:/home/king:/bin/csh
 
Note: You can set the password with the -p option, which expects an already encrypted password. Alternatively, use the passwd command to change the password of the user.

Method 3: Linux adduser Command – Create Users Interactively

adduser is a friendlier front end to the low-level useradd. By default it chooses the Debian policy format for UID and GID. A very simple way of creating a user interactively on the command line is the adduser command.
Syntax: # adduser USERNAME

Example 5: Creating a User Interactively With adduser Command

# adduser spidey

Adding user `spidey' ...
Adding new group `spidey' (1007) ...
Adding new user `spidey' (1007) with group `spidey' ...
Creating home directory `/home/spidey' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for spidey
Enter the new value, or press ENTER for the default
 Full Name []: Peter Parker
 Room Number []:
 Work Phone []:
 Home Phone []:
 Other []:
 Is the information correct? [y/N] y

Method 4: Linux newusers Command — Creating bulk users

Sometimes you may want to create multiple users at the same time. Using any one of the above 3 methods for bulk user creation can be very tedious and time consuming. Fortunately, Linux offers a way to upload users using the newusers command. It can also be executed in batch mode, as it does not ask for any input.
# newusers FILENAME
 
The file format is the same as that of the password file.
loginname:password:uid:gid:comment:home_dir:shell

Example 6: Creating Large Number of Users Using newusers Command

If the Simpson family decides to join your organization and needs access to your Linux server, you can create accounts for all of them together using the newusers command as shown below.
# cat homer-family.txt
homer:HcZ600a9:1008:1000:Homer Simpson:/home/homer:/bin/bash
marge:1enz733N:1009:1000:Marge Simpson:/home/marge:/bin/csh
bart:1y5eJr8K:1010:1000:Bart Simpson:/home/bart:/bin/ksh
lisa:VGz638i9:1011:1000:Lisa Simpson:/home/lisa:/bin/sh
maggie:5lj3YGQo:1012:1000:Maggie Simpson:/home/maggie:/bin/bash
 
Now create accounts for Simpsons family together using the newusers command as shown below.
# newusers homer-family.txt
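
Because the newusers input file carries clear-text passwords and can assign any uid, it is worth checking before it is fed to newusers. The following is an added example, not part of the original article: a pre-flight check that reports loose file permissions, malformed lines, duplicate logins or uids, uid 0 and empty passwords. It assumes GNU stat; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# check_newusers_file FILE: print one finding per line.
# Returns 0 when nothing was found, 1 on findings, 2 when FILE is unreadable.
check_newusers_file() {
    file=$1
    status=0
    perms=$(stat -c %a "$file") || return 2
    # The password field is clear text, so only the owner should have access.
    case $perms in
        *00) ;;
        *) echo "$file: mode $perms exposes clear-text passwords to group/others"
           status=1 ;;
    esac
    findings=$(awk -F: '
        /^$/ { next }
        NF != 7 { printf "line %d: expected 7 fields, found %d\n", NR, NF; next }
        $1 in login { printf "line %d: duplicate login %s\n", NR, $1 }
        $3 != "" && ($3 in uid) {
            printf "line %d: uid %s already given to %s\n", NR, $3, uid[$3]
        }
        $3 ~ /^0+$/ { printf "line %d: %s would be created with uid 0\n", NR, $1 }
        $2 == "" { printf "line %d: %s has an empty password field\n", NR, $1 }
        { login[$1] = 1; if ($3 != "") uid[$3] = $1 }
    ' "$file") || return 2
    if [ -n "$findings" ]; then
        echo "$findings"
        status=1
    fi
    return "$status"
}

# Demo on a constructed file: a reused uid and a line with a missing field.
sample=$(mktemp)
cat > "$sample" <<'EOF'
homer:constructed-pw-1:1008:1000:Homer Simpson:/home/homer:/bin/bash
bart:constructed-pw-2:1008:1000:Bart Simpson:/home/bart:/bin/ksh
lisa:1011:1000:Lisa Simpson:/home/lisa:/bin/sh
EOF
chmod 600 "$sample"
check_newusers_file "$sample" || echo "fix the findings before running newusers"
rm -f "$sample"
```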