
RHCE

RH302 Study Guide


On
Redhat Enterprise Linux 5

Version 3.1











RH302



Leading the way in IT testing and certification tools, www.testking.com

Linux is the most widely used operating system, and it is rising in the market because of its open source development model, its Unix-like design, and its security and stability. There are many Linux distributors, such as Redhat, SuSE, Caldera, Mandrake etc. Among them, Redhat is the premier distributor, which is why Redhat calls itself the leader of open source.
About Redhat Enterprise Linux 5
Redhat Enterprise Linux is more than just an operating system. It includes a wide variety of commands, applications and utilities. Some new features have been added in Redhat Enterprise Linux 5, such as SELinux (Security Enhanced Linux), LVM (Logical Volume Manager) version 2, mdadm RAID tools and a 2.6.x kernel, as well as better performance in the kernel and the X Window System.

Redhat also provides top-level training and certification on Linux. At the time of writing this book, Redhat has four certifications:
- RHCT (Redhat Certified Technician): the entry level of Redhat certification, which covers the system administration level.
- RHCE (Redhat Certified Engineer): covers most of the network and security configuration.
- RHCA (Redhat Certified Architect)
- RHCSS (Redhat Certified Security Specialist)

Until now, every Redhat certification has been a practical exam, which makes it unique and more challenging than other certifications in the world. That is why it was the professionals' number one choice in a survey taken by www.certcities.com. To become familiar with the Redhat RHCT exam, you can go through the TestKing RH202 Questions and Answers.


Under Red Hat Enterprise Linux 5, the certification exam consists of two parts conducted in a single day. The exam is performance-based, meaning that candidates must perform tasks on a live system, rather than answering questions about how one might perform
- Section I: Troubleshooting and System Maintenance (2.5 hours)
- Section II: Installation and Configuration (3 hours)
In order to pass the Red Hat Certified Engineer exam under Red Hat Enterprise Linux 5, you must meet all of the following requirements:
- a score of 80 or higher on Section I, consisting of five compulsory and five
- successful completion of the five Section I compulsory troubleshooting problems within one hour of that section's start time;
- 70 percent or more on the RHCT-level skills in Section II;
- 70 percent or more on the RHCE-level skills in Section II.
These last two requirements enable RHCEs to demonstrate that they possess both RHCT-level and RHCE-level skills, as well as enabling a person who only has RHCT-level skills to earn RHCT if they pass the required competencies.
Before Attending to Exam: Are you excellent
on following? Can you do independently?

Components of the RHCT exams

The RHCT exam is a subset of the RHCE exam, and is organized as follows:
- Troubleshooting and System Maintenance: 1 hour
- Installation and Configuration: 2 hours
In order to earn RHCT, one must successfully complete all the requirements in Troubleshooting and System Maintenance, and must achieve a score of 70 or higher on the Installation and Configuration section.

RHCT skills

Troubleshooting and System Maintenance

RHCTs should be able to:
- boot systems into different run levels for troubleshooting and system maintenance
- diagnose and correct misconfigured networking
- diagnose and correct hostname resolution problems
- configure the X Window System and a desktop environment
- add new partitions, filesystems, and swap to existing systems
- use standard command-line tools to analyze problems and configure system

Installation and Configuration

RHCTs must be able to:
- perform network OS installation
- implement a custom partitioning scheme
- configure printing
- configure the scheduling of tasks using cron and at
- attach system to a network directory service, such as NIS or LDAP
- configure autofs
- add and manage users, groups, and quotas
- configure filesystem permissions for collaboration
- install and update RPMs
- properly update the kernel RPM
- modify the system bootloader
- implement software RAID at install-time and run-time
- use /proc/sys and sysctl to modify and set kernel run-time parameters

Components of the RHCE exams
For RHCE exams given on Red Hat Enterprise Linux 3 and higher, the exam is organized as follows:
- Troubleshooting and System Maintenance: 2.5 hours
- Installation and Configuration: 3.0 hours
In order to earn RHCE, one must successfully complete all the RHCT-level Troubleshooting and System Maintenance requirements, and successfully complete enough additional RHCE items to earn a score of 80 or higher overall on the section. In addition, one must score 70 or higher on the RHCT items of Installation and Configuration, and 70 or higher on the RHCE components of that section.

RHCE skills

Troubleshooting and System Maintenance

RHCEs must demonstrate the RHCT skills listed above, and should be able to:
- use the rescue environment provided by first installation CD
- diagnose and correct boot failures arising from bootloader, module, and filesystem errors
- diagnose and correct problems with network services (see Installation and Configuration below for a list of these services)
- add, remove, and resize logical volumes

Installation and Configuration
RHCE must demonstrate the RHCT-level skills listed above, and they must be capable of configuring the following network services:
- HTTP/HTTPS
- SMB
- NFS
- FTP
- Web proxy
- SMTP
- IMAP, IMAPS, and POP3
- SSH
- DNS

For each of these services, RHCEs must be able to:
- install the packages needed to provide the service
- configure the service to start when the system is booted
- configure the service for basic operation
- configure host-based and user-based security for the service

RHCEs must also be able to:
- configure hands-free installation using Kickstart
- implement logical volumes at install-time
- use PAM to implement user-level restrictions
Getting Red Hat Enterprise Linux 5
The Red Hat exams are based on your knowledge of Red Hat Enterprise Linux 5. When you take the RHCT exam, it is the
standard Intel-compatible PC with a Pentium or better and at least 256MB RAM.
There are four editions of Redhat Enterprise Linux available on the market. Redhat charges according to your hardware profile, the number of systems, the support required from Redhat etc.
- RHEL 4 Advanced Server (AS): designed for organizations with a large network.
- RHEL 4 Enterprise Server (ES): designed for organizations with a mid-level network.
- RHEL 4 Workstation (WS): client of the AS and ES servers.
- Redhat Desktop: standalone clients from Redhat, which provide the most used applications.
How to Prepare for the Exam?
In every section I have written what you should be able to do independently. Read everything carefully, practice a lot, and also go through the TestKing Questions and Answers for RH202, which is the RHCT exam code.


Section 1
Redhat Enterprise Linux 5 Foundation
Can you do independently ?
Linux Filesystem Hierarchy
Identifying the file type
Working with Simple Linux Command i.e cp, mv, rm, mkdir, rmdir etc
Exploring commands using man, info etc
Working with Vi Editor
Working with Removable Device
File Compression, archiving
Variables, functions, aliases etc
Printing the Documents
Finding files and directories
String Processing with head, tail, sort, grep, wc, cut etc
The Linux File system Hierarchy
/                 The root filesystem, also called the top-level directory in Linux
/boot             Contains the kernel and all boot-related files
/bin, /usr/bin    All user commands
/sbin, /usr/sbin  Administrative commands
/etc              Most configuration files
/var              Also called the variables directory; contains most log files, spooling files etc.
/home             Most users' home directories
/lib              Contains the shared libraries used by the kernel as well as by different programs
/media            Typical mount point for removable devices, i.e. CD-ROM, floppy and USB flash disks
/mnt              Mount point for NFS (Network File Services), SAMBA etc.
/dev              All block device as well as character device files
/proc             Virtual filesystem containing information about the running kernel
/selinux          Like /proc, a virtual filesystem; contains the SELinux configuration information
/root             Home directory of the root user (also called the superuser)
/tmp              Contains temporary files/directories
/opt              Directory for third-party products
Each directory can be mounted on a different partition, with some exceptions. Some directories must be included with /, which means you can't create a separate partition for them and mount it.
Example: /, /lib, /bin, /sbin, /etc, /dev. These directories can't be separated from /.
Working With Linux Command:
ls : List the contents of Directory
Syntax: ls [options] path
-l   Long listing
-r   In reverse order
-s   With size
-R   With sub-contents
-a   Normal as well as hidden contents
Example: ls -a : lists all hidden as well as normal contents of the current directory.
ls -l /etc/ : lists all contents of /etc in long listing format.
When you use the ls -l command you see the long listing, i.e.
-rw-r-xr-x 1 root root 1234 10:25:20 1 April 2006 narayan.txt
The first column contains 10 characters in total. Among them, the first character represents the nature of the file.
-   Normal file; can be read using the cat command
d   Directory
l   Link file
c   Character device file
b   Block device file
p   Named pipe
s   Socket

Characters 2, 3 and 4 represent the permissions of the owner user.
r   Read
w   Write
x   Execute
The characters always come in the order rwx; if a - appears in place of a letter, that means no permission.
Characters 5, 6 and 7 represent the permissions of the owner group members.
Characters 8, 9 and 10 represent the permissions of others (neither the owner user nor a member of the owner group).
Permission and file type   Owner User   Owner Group   Size in bytes   Created Date and Time   File Name
-rw-r-xr-x 1               Root         Root          1234            10:25:20 1 April 2006   narayan.txt
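The column layout described above can be decoded mechanically. The following shell functions are an added example, not part of the original guide, and all function names are hypothetical; they split the 10-character mode string into file type and owner/group/other permissions, convert it to octal, and flag files writable by others.

```shell
#!/bin/sh
# Added example (not from the guide): decode the first column of `ls -l`.
# All function names are hypothetical.

# file_type MODE: file type named by character 1
file_type() {
    case "$1" in
        -*) echo "normal file" ;;
        d*) echo "directory" ;;
        l*) echo "link file" ;;
        c*) echo "character device file" ;;
        b*) echo "block device file" ;;
        p*) echo "named pipe" ;;
        s*) echo "socket" ;;
        *)  echo "unknown" ;;
    esac
}

# perm_triplet MODE owner|group|other: the three permission characters
perm_triplet() {
    case "$2" in
        owner) printf '%s\n' "$1" | cut -c2-4 ;;
        group) printf '%s\n' "$1" | cut -c5-7 ;;
        other) printf '%s\n' "$1" | cut -c8-10 ;;
        *)     return 1 ;;
    esac
}

# triplet_to_digit TRIPLET: r=4, w=2, x=1; a "-" contributes nothing.
# s or t in the execute position means execute plus a special bit;
# S or T means the special bit is set without execute.
triplet_to_digit() {
    n=0
    case "$1" in r??) n=$((n + 4)) ;; esac
    case "$1" in ?w?) n=$((n + 2)) ;; esac
    case "$1" in ??[xst]) n=$((n + 1)) ;; esac
    echo "$n"
}

# mode_to_octal MODE: e.g. -rw-r-xr-x -> 655 (special bits not included)
mode_to_octal() {
    o=$(triplet_to_digit "$(perm_triplet "$1" owner)")
    g=$(triplet_to_digit "$(perm_triplet "$1" group)")
    t=$(triplet_to_digit "$(perm_triplet "$1" other)")
    echo "$o$g$t"
}

# writable_by_others MODE: succeeds if character 9 is "w"
writable_by_others() {
    case "$(perm_triplet "$1" other)" in
        ?w?) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed sample modes; the first is the guide's narayan.txt listing.
for mode in -rw-r-xr-x drwxrwxrwt -rwsr-xr-x; do
    if writable_by_others "$mode"; then note="writable by others"; else note="ok"; fi
    echo "$mode | $(file_type "$mode") | $(mode_to_octal "$mode") | $note"
done
```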
cd : Change the Directory.
cd directory   To change into the directory
cd ..          To jump to the parent directory
cp: Copy Command
Syntax: cp [options] source destination
-i   Interactive
-R   Recursive copy
-f   Forced copy
mv : Move Command
Syntax: mv source destination
mkdir : Create the new directory
Syntax: mkdir directoryname
rmdir: removes the blank directory
Syntax: rmdir directoryname
rm : Removes files as well as directories
Syntax: rm [options] file/directory
-i   Interactive
-f   Forced
-R   Recursively
cat : Multiple purpose command to read or create the file
cat filename : displays the contents of the file on standard output.
cat >filename : redirects the contents of standard input into the file.
cat >>filename : appends the contents of standard input to the file.
touch: Creates the blank file.
Example: touch filename
tty: Displays the terminal name
runlevel: Displays the current and previous runlevel
clear: Clears the screen

Exploring with Manual
- man command
- info command
- command --help
Working With Vi Editor
- Vi (Visual Editor) is the Standard Unix as well as
Linux Editor.
- Redhat added some features on vi called vim (vi
improved) automatically invoked when you open the vi
editor.
To Start vi:
- vi
or
- vi filename
Cursor Movements on vi Editor
Shortcuts   Description
h           Moves cursor left
j           Moves cursor down
k           Moves cursor up
l           Moves cursor right
w           Moves cursor one word ahead
b           Moves cursor one word back
(           Moves cursor one sentence back
)           Moves cursor one sentence forward
{           Moves cursor one paragraph above
}           Moves cursor one paragraph below
Arrow keys are also supported.
To change the mode, use the Esc key.
Inserting and Append Mode
Shortcuts   Description
a           Append after the current cursor position
i           Insert before the current cursor position
o           Append new blank line below
A           Append to end of line
I           Insert at the beginning of line
O           Append new blank line above
Delete word, line and character
Shortcuts   Description
x           Deletes current character
nx          Deletes n characters
dd          Deletes current line
ndd         Deletes n lines
dw          Deletes the current word
ndw         Deletes n words

Copy and Paste
Shortcuts Description
yl          Yanks current character
yw          Yanks current word
yy          Yanks the current line
nyw         Yanks n words
nyy         Yanks n lines
p           Pastes the data after the current cursor
P           Pastes the data before the current cursor
u : Undo the recent changes
U : Undo all changes on the current line since the cursor landed on the line
. or ctrl+r : Redo
Searching the text
Shortcuts Description
/text       Search the text in forward direction
?text       Search the text in backward direction
n           Find next in same direction
N           Find next in opposite direction
Save and Exit
Shortcuts Description
:wq         Save and exit
:w          Write to disk
:q!         Quit without saving

Working with Removable Media
Device Recognition
IDE Drive:
Primary Master     /dev/hda
Primary Slave      /dev/hdb
Secondary Master   /dev/hdc
Secondary Slave    /dev/hdd
SCSI Disk:
/dev/sda, /dev/sdb
Floppy Disk: /dev/fd0
Before using any device you should mount it on a directory. Mounting is the process of activating the device and linking it to a directory.
Mounting Floppy
i. mount /dev/fd0 /media/floppy
or
mount /media/floppy
Mounting CD-ROM
i. mount /dev/hd? /media/cdrom
or
mount /media/cdrom
Mounting SCSI Flash Disks
In Redhat Enterprise Linux, flash disks are recognized as SCSI disks. To use a flash disk:
i. mkdir /media/flash
ii. mount /dev/sda /media/flash
File Compression and Archiving:
tar is the standard archiving tool in Redhat Enterprise Linux. It places multiple files/directories into a single file, which is easier to move, back up and store.
To create the archive file:
tar cvf tarfilename.tar inputfiles
Example: tar cvf mytar.tar * : creates the mytar.tar file, taking all files from the current directory as input.
tar cvf mytar.tar file1 file2 file3 : creates the mytar.tar archive file from file1, file2 and file3.
To Test the archive file:
You can test the archive file by listing all the bundled files.
tar tvf mytar.tar : lists all contents of the mytar.tar file.

To Extract the archive files:
tar xvf mytar.tar : extracts the files from mytar.tar.
File Compress and uncompress
In Linux you get many tools for compressing and uncompressing.
i. gzip is the Unix standard compression tool, which compresses text files by up to 75%. When you compress a file with gzip, you get a file with the .gz extension, and you should uncompress it using the gunzip command.
ii. bzip2 is the newer Linux standard compression tool. When you compress a file using bzip2, you get a file with the .bz2 extension, and you should uncompress it using the bunzip2 command.
Variables, Functions and Aliases
Variable: a named memory location containing a value.
In a Linux system there are two types of variable: one is called a shell variable and the other an environmental variable.
Shell Variable: a shell variable is available only in a particular shell, which means it is not available to other shells. You can use the set command to display all environmental as well as shell variables.
Environmental Variable: an environmental variable is available to all shells. You can use the env command to display all environmental variables.
You can declare a variable just by assigning a value to it.
EMPLOYEE_NAME=ram
You can print the value of the variable: echo $EMPLOYEE_NAME
Function: a function is a collection of similar statements. You can create a function to execute a series of commands.
Creating function in command line
Syntax: functionname()
{
command 1
command 2
command 3
}
To execute the function, just call it by its name: functionname
Aliases: an alias is a shortcut for another command.
Example:
alias mytar='tar cvf mytar.tar *'
Use the alias command to display all aliases declared on your system, and use unalias to clear a shortcut.
Example: unalias mytar
Printing the Documents:
You have just created the document! It's time to print.
The printing system in Redhat Enterprise Linux is very simple and flexible. Printers may be parallel, USB or networked. Support is included for printing to remote CUPS IPP, lpd etc.
You can install either a local or a networked printer using the system-config-printer command.
lpr: this command sends the printing job to the printer.
Example:
lpr filename : sends the printing job to the default printer.
lpr -Pprintername filename : sends the printing job to the specified printer.
lpr -Pprintername -#5 filename : sends the printing job to the specified printer with 5 copies.
lpq: This command is used to print the queue of the printer.
Example:
lpq -Pprintername
lprm: This command helps to remove a job from the printer queue.
Example:
lprm printqueueid

Finding Files and Directories
i. locate or slocate command
A much faster but less accurate command to search for files or directories. It searches in its database, which is updated by a daily cron schedule. If you want to update the database, use the updatedb command. It searches only in directories on which you have read and execute permission.
Example: locate test
ii. find command
Now you can work with the most accurate command for searching.
Syntax: find [path] [condition] [action]
Example:
1. find /etc -name passwd : finds the file named passwd in the /etc directory.
2. find /home -user user1 : finds the files and directories owned by user user1.
3. find /home -group training : finds the files and directories owned by the training group.
4. find / -atime +10 : finds all files accessed more than 10 days ago. The index table contains meta information about files with different timestamps, i.e. access time, modified time and change time. You can use the -atime, -mtime and -ctime options.
5. find / -type f : finds all normal files. Instead of f you can use b for block device files, d for directories, c for character device files and l for link files.
On the result of the find command you can apply different actions, like copy, delete, compress, archive etc.
See by example:
i. find /tmp -type f -exec rm {} \; : searches all normal files in /tmp and removes them.
ii. find /data -size +100M -exec gzip {} \; : searches all files larger than 100M and compresses them with the gzip command.


Introduction to String Processing Tools
head : displays some lines from the top of a file, by default 10 lines. You can use the -n or --lines option to display a custom number of lines.
Example:
head /etc/passwd
head -n 5 /etc/passwd
tail: displays some lines from the bottom of a file, by default 10 lines. You can use the -n or --lines option to display a custom number of lines.
Example:
tail /etc/passwd
tail -n 20 /etc/passwd
sort : sorts the text of a file in ascending or descending order. By default it displays in ascending order and doesn't make any changes to the original file.
Syntax: sort [options] file
-r : Reverse order
-n : Numeric sort
-f : Ignore case
-u : Unique sort
-t : Field separator
-k : Field number
Example: sort -r -n -t : -k3 /etc/passwd
cut: displays specific columns from a file. If you want to display only certain columns of data from a file, you can use the cut command.
Syntax: cut [option] file
-f : Specifies field number
-d : Field separator
Example: cut -f 3 -d: /etc/passwd
wc (Word Count): prints the number of lines, words and characters of a file.
Example: wc filename
If you want to print only the number of lines, the number of words or the number of characters, you can use the -l, -w or -c option.
grep (General Regular Expression Processor) : displays the lines in a file that match a pattern. It can also process standard input.
Example: grep root /etc/passwd
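The tools above are normally combined in pipelines. The following functions are an added example, not part of the original guide; the function names and the passwd-format sample are constructed. They combine cut, grep, sort, head and wc to review accounts, and use -k3,3 so that the sort key ends at the UID field instead of running to the end of the line.

```shell
#!/bin/sh
# Added example (not from the guide). Function names are hypothetical.
# Every function reads passwd-format text on standard input.

# Constructed sample (name:password:UID:GID:comment:home:shell).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
user1:x:500:500::/home/user1:/bin/bash
toor:x:0:0:constructed second UID 0 account:/root:/bin/bash
EOF
}

# uid_zero_names: login names whose UID (field 3) is 0.
# Keeping only fields 1 and 3 first stops grep matching a 0 elsewhere.
uid_zero_names() {
    cut -d: -f1,3 | grep ':0$' | cut -d: -f1
}

# highest_uids N: the N login names with the largest UIDs, largest first.
highest_uids() {
    sort -t: -k3,3 -rn | head -n "$1" | cut -d: -f1
}

# shell_count SHELL: number of accounts whose last field is SHELL.
shell_count() {
    grep ":$1\$" | wc -l | tr -d ' '
}

# distinct_shells: each login shell once, sorted.
distinct_shells() {
    cut -d: -f7 | sort -u
}

echo "UID 0 accounts:";        sample_passwd | uid_zero_names
echo "Two highest UIDs:";      sample_passwd | highest_uids 2
echo "Accounts using bash: $(sample_passwd | shell_count /bin/bash)"
echo "Login shells in use:";   sample_passwd | distinct_shells
```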
Section 2
RedHat Certified Technician (RHCT)
Preparation
Can you do independently ?
Server Preparation for FTP, HTTP, NFS and Kickstart Installation
Redhat Enterprise Linux Installation through FTP, NFS, HTTP and Kickstart
GRUB Bootloader Configuration and Installation
Linux System Initialization
Init and /etc/inittab
Controlling Standalone and Transient Services
About Virtual File System
Controlling Modules
Creating Partition, File system and mounting
Creating Swap partition, on/off the swap space
/etc/fstab file configuration
Mounting NFS, SMB Share
Auto Mount
Network Configuration
IP Forwarding
Controlling Routing Table
DNS Client Configuration
Installing, Upgrading and Removing Packages
Installing Kernel
About User, Group and Permission
Managing Users
Managing Groups
Setting Permissions to user, group and others
About Special Permissions
Working with Startup Scripts
NIS Client Configuration
Installing Local and Networked Printer
Managing Printer through HTTP
Scheduling Cron Job
X Window System
Troubleshooting X Window System
Configuring RAID Level 0/1/5/6
Troubleshooting with RAID
Configuring LVM
Troubleshooting with LVM
Quota Implementation
Troubleshooting Linux boot process
Welcome to the RHCT section of this book!
Installing RedHat Enterprise Linux 5
We can install Redhat Enterprise Linux either from a local CD-ROM or through a network-based installation. In the daily working environment we use the network-based installation because it is easier for us.
In a network-based installation you can choose one method from FTP, HTTP or NFS. Before starting the installation you should prepare the server.
In the exam you will not get a question on server preparation for FTP, HTTP or NFS, but in your daily administration work it is necessary.
Server Preparation for FTP:
FTP (File Transfer Protocol) is used to upload or download files. FTP can also be the best installation method if your site is already configured or is going to be configured.
By default, anonymous as well as real users can access the FTP server, but an anonymous user logs in to /var/ftp and can access only the /var/ftp directory hierarchy. Similarly, a real user logs in to the user's home directory.
If you are planning to give access to anonymous users, you should copy all the contents of your RHEL 4 CDs under the /var/ftp hierarchy.
Go by example:
1. mkdir /var/ftp/rhel4
2. Insert the 1st CD
3. mount /media/cdrom
4. cp -rf /media/cdrom/* /var/ftp/rhel4
5. umount /media/cdrom
6. For the 2nd, 3rd and 4th CD:
7. mount /media/cdrom
8. cp -f /media/cdrom/RedHat/RPMS/* /var/ftp/rhel4/RedHat/RPMS
9. umount /media/cdrom
10. chkconfig vsftpd on
11. service vsftpd restart | start
Server Preparation for HTTP:
HTTP (Hyper Text Transfer Protocol) is another method for network-based Redhat Enterprise Linux installation. /var/www/html is the default directory for the http service. Just copy all the contents of the four CDs into the /var/www/html directory hierarchy.
1. mkdir /var/www/html/rhel4
2. Insert the 1st CD
3. mount /media/cdrom
4. cp -rf /media/cdrom/* /var/www/html/rhel4
5. umount /media/cdrom
6. For the 2nd, 3rd and 4th CD:
7. mount /media/cdrom
8. cp -f /media/cdrom/RedHat/RPMS/* /var/www/html/rhel4/RedHat/RPMS
9. umount /media/cdrom
10. chkconfig httpd on
11. service httpd restart | start
Server Preparation for NFS (Network File Services):
Linux uses the same method of sharing resources as Unix. All shared directories are listed in the /etc/exports file.
/data *.example.com(rw,sync) trusted.cracker.org(ro,sync)
This line shares the /data directory from the local server to all members of the example.com domain as well as to the trusted.cracker.org host. All members of example.com can access the shared data in read and write mode, but the trusted.cracker.org host can access it only in read-only mode.
For NFS-based installation, you should share the directory into which the RHEL CDs were copied in /etc/exports.
Suppose I copied them to /var/ftp/pub; then I have to write in /etc/exports
Example:
/var/ftp/rhel4 *(ro,sync)
# service nfs start
# service portmap restart
# chkconfig nfs on
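To review which hosts an /etc/exports file actually admits, each line can be split into path, client and options. This is an added example, not part of the original guide; the function names and the third sample line are constructed. It also covers a space between a host and its options, which exports(5) reads as a separate entry that applies to every host.

```shell
#!/bin/sh
# Added example (not from the guide): list who may mount each NFS export.
# Function names are hypothetical.

# Constructed sample in /etc/exports format. The first two entries are the
# guide's own lines; the third has a space between host and options.
sample_exports() {
    cat <<'EOF'
# path   client(options) ...
/data *.example.com(rw,sync) trusted.cracker.org(ro,sync)
/var/ftp/rhel4 *(ro,sync)
/home client1.example.com (rw)
EOF
}

# list_exports [FILE]: print "path client options", one line per client.
# Reads standard input when no file is given.
list_exports() {
    awk '
        /^[ \t]*#/ { next }              # comment line
        NF == 0    { next }              # blank line
        {
            for (i = 2; i <= NF; i++) {
                client = $i
                opts = "-"               # "-" = no options given (defaults)
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                    if (opts == "") opts = "-"
                }
                # "(rw)" standing alone has no host in front of it, so the
                # options apply to every host.
                if (client == "") client = "*"
                print $1, client, opts
            }
        }' "$@"
}

# writable_wildcards [FILE]: entries where a wildcard client has rw.
writable_wildcards() {
    list_exports "$@" |
        awk 'index($2, "*") > 0 && index(("," $3 ","), ",rw,") > 0'
}

sample_exports | list_exports
echo "--- wildcard clients with rw:"
sample_exports | writable_wildcards
```

After editing the real file, `list_exports /etc/exports` gives the same three-column view for the exports the server will offer.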
Starting Installation:
Minimum Requirements for RHEL Installation:
1. Pentium-class CPU or better
2. 256 MB RAM
3. 2-6 GB hard disk

To start the installation on a client computer through any network-based installation method, you require the installation startup disks. They are available on the 1st CD of Redhat Enterprise Linux in the images folder. From RHEL4 onwards floppy disks are no longer supported; you require a USB disk.
In the images folder of the 1st CD you will find the diskboot.img image file. You need to write this image file to the USB disk.
Creating the image of diskboot.img:
dd < diskboot.img > /dev/sda?
Or
cat diskboot.img > /dev/sda?
If you want to start the installation on the client using a CD, just write boot.iso to a blank CD using the cdrecord command.
When you start the installation using the boot.iso CD, you will get the boot: prompt, where you will get more options.
At the boot prompt, type the linux askmethod command, which will ask you to select among the different installation methods. Select the language and keyboard options; if RHEL is already installed on your system, it will ask you whether to do a fresh installation or an upgrade.
Once the installation is started using either the USB disk or the boot.iso CD, it will ask you for the installation method.
i. Select FTP to install through an FTP server and click on Next. It will ask for an IP address, assigned either statically or dynamically. A dialog will ask for the FTP server and the Redhat Enterprise Linux directory. Specify the server name and directory.
Example:
In our FTP server preparation, we copied into /var/ftp/rhel4; suppose the server has IP address 192.168.0.254.
Server: 192.168.0.254
RedHat Enterprise Linux Directory: rhel4
Note: When you install anonymously, the anonymous user automatically logs in to the /var/ftp directory, so you have to write the path after the default directory.
ii. Select HTTP to install through an HTTP server and click on Next. It will ask for an IP address, assigned either statically or dynamically. A dialog will ask for the HTTP server and directory.
Example:
In our HTTP server preparation, we copied into /var/www/html/rhel4; suppose the server has IP address 192.168.0.254.
Website name: 192.168.0.254
RH302



Leading the way in IT testing and certification tools, www.testking.com

- 37 -
RedHat Ent er pr i se Li nux Di r ect or y: r hel 4
Def aul t Di r ect or y f or HTTP i s / var / www/ ht ml , When you
use t hi s met hod t o i nst al l , you must speci f y t he pat h
of di r ect or y af t er def aul t di r ect or y.
i i i . Sel ect NFS I mage t o i nst al l f r om NFS shar ed
di r ect or y. When you cl i ck on Next i t wi l l ask f or
I P Addr ess f or you machi ne, assi gn ei t her st at i c
I P or f r om DHCP ser ver i f DHCP ser ver i s
conf i gur ed.
When you cl i ck on Next af t er assi gni ng I P
addr ess, i t wi l l ask f or t he NFS ser ver and
RedHat Ent er pr i se Li nux Di r ect or y:
I n our NFS ser ver pr epar at i on, we have copi ed al l
CD s cont ent s i n / var / f t p/ r hl e4 and shar ed t hat
di r ect or y.
NFS Ser ver : 192. 168. 0. 254
RedHat Ent er pr i se Li nux Di r ect or y: / var / f t p/ r hel 4
I n NFS based I nst al l at i on, you shoul d gi ve t he
shar ed pat h f or di r ect or y. I n ser ver
/ var / f t p/ r hel 4 di r ect or y i s shar ed.


We create multiple partitions rather than a single one for reasons of performance, security, quotas, etc. Generally RHEL 4 requires only two types of partition, one Linux native and the other swap, but as per standard practice you should create multiple partitions. To install RHEL following the standard, you need to create the following partitions.
/       Linux root directory
/boot   Linux kernel and boot-related files
/usr    Contains the user commands and administrative commands, with subdirectories
/var    Log files, spooling files, default cache directory
/home   Users' home directories
/opt    Optional directory for third-party products
/tmp    Directory for temporary files and directories
/root   root's home directory
You can't separate the following directories from /:
/etc, /lib, /bin, /sbin, /dev
After creating the partitions, select the place for the boot loader, either in the MBR (Master Boot Record) or in the first sector of the boot partition. The MBR (Master Boot Record) is a special area on the first hard disk which contains the executable code to load the OS.
It will ask about the Firewall and SELinux features. In your RHCE exam, disable the firewall and SELinux.
root, called the superuser in a Linux system, is created automatically at installation time; set the password for the root user.
Select the packages you require. When you get the package selection dialog, some default packages are already selected; if you require packages other than the defaults, choose the custom package selection option and then select the packages you need.
After finishing the installation, you will find the install.log, install.log.sys and anaconda-ks.cfg files in root's home directory. install.log and install.log.sys are log files created at installation time, and anaconda-ks.cfg is the sample kickstart configuration file.
Kickstart Installation:
Previously I described the different types of installation. You have to wait a long time to install on only one machine. Suppose you now have to install on 50 machines: how much time would you spend! Another advantage is customization of the Linux system at installation time.
Kickstart is the method that uses an answer file to install Linux. When you start the installation, you specify the answer file's name and location. Linux will install by reading that answer file.
Preparing Kickstart Installation:
When you install Redhat Enterprise Linux, it creates the anaconda-ks.cfg file, which is called the kickstart sample file. You can modify that file as per your needs; another way is to prepare the kickstart installation file with the GUI-based tool.
# system-config-kickstart

Select options as per your needs and save them into a file.
Here is the sample output of Kickstart Installation file:
#Generated by Kickstart Configurator
#platform=x86, AMD64, or Intel EM64T

#System language
lang en_US
#Language modules to install
langsupport en_US
#System keyboard
keyboard us
#System mouse
mouse
#System timezone
timezone Asia/Katmandu
#Root password
rootpw --iscrypted $1$YNZXHrUK$nIIlW5J5YcibwIcjwgcDM0
#Reboot after installation
reboot
#Install OS instead of upgrade
install
#Use Web installation
url --url ftp://192.168.0.75/pub
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr yes
#Partition clearing information
clearpart --all --initlabel
#Disk partitioning information
part / --fstype ext3 --size 1000
part /boot --fstype ext3 --size 500
part /home --fstype ext3 --size 1000
part /var --fstype ext3 --size 1000
part /usr --fstype ext3 --size 6000
part swap --size 256
#System authorization information
auth --useshadow --enablemd5
#Network information
network --bootproto=dhcp --device=eth0
#Firewall configuration
firewall --disabled
#XWindows configuration information
xconfig --depth=32 --resolution=800x600 --defaultdesktop=GNOME
#Package install information
%packages --resolvedeps
@base-x
@gnome-desktop
@editors
@graphical-internet
@text-internet
@office
@server-cfg
@web-server
@mail-server
@smb-server
@dns-server
@ftp-server
@network-server
@admin-tools
@system-tools
@printing
%post
useradd student
passwd -d student

The file has sections for options, package selection, post-installation and pre-installation.
The package selection section lists all selected packages by group name, each starting with @. Similarly, the %pre section is used to write scripts to execute before the installation starts, and the %post section is used to write scripts to execute after installation. Suppose that after installation in my classroom I want to create one user named student with a blank password on each and every machine. So I wrote the useradd and passwd commands.
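
Because one Kickstart file configures every machine built from it, it is worth checking before it is served from the install server. The following is an added example, not part of the original guide: it flags the settings in the sample above that carry over to each host (disabled firewall, the form of the root password, a blank-password account created in %post). The names ks_audit and ks_sample, the finding labels and the embedded sample with its placeholder hash are constructed for this illustration.

```shell
#!/bin/sh
# Added example: audit a Kickstart file for settings that weaken every
# machine installed from it. Names and labels here are hypothetical.

# ks_audit FILE  ("-" reads standard input)
# Prints one "FINDING:<label>:<detail>" line per weak setting.
ks_audit() {
    awk '
    # Remember which part of the file we are in.
    /^%packages/ { section = "packages"; next }
    /^%pre/      { section = "pre";      next }
    /^%post/     { section = "post";     next }
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines

    # Command section: the host firewall is switched off at install time.
    section == "" && $1 == "firewall" {
        for (i = 2; i <= NF; i++)
            if ($i == "--disabled") print "FINDING:firewall-disabled:" $0
    }

    # Command section: the root password travels with the file. The value
    # is never echoed back, only its form is reported.
    section == "" && $1 == "rootpw" {
        if ($2 != "--iscrypted")
            print "FINDING:rootpw-plaintext:rootpw [redacted]"
        else if (substr($3, 1, 3) == "$1$")   # $1$ marks an MD5-crypt hash
            print "FINDING:rootpw-md5crypt:rootpw --iscrypted [redacted]"
    }

    # %post script: passwd -d deletes the password, leaving a blank one.
    section == "post" && $1 == "passwd" {
        for (i = 2; i <= NF; i++)
            if ($i == "-d") print "FINDING:blank-password:" $0
    }
    ' "$1"
}

# Constructed sample, shortened from the file shown above; the hash is a
# placeholder, not a real password hash.
ks_sample() {
    cat <<'EOF'
#Root password
rootpw --iscrypted $1$CONSTRUC$placeholderHashValue00
#System authorization information
auth --useshadow --enablemd5
#Network information
network --bootproto=dhcp --device=eth0
#Firewall configuration
firewall --disabled
%packages --resolvedeps
@base-x
@admin-tools
%post
useradd student
passwd -d student
EOF
}

# Audit the file named on the command line, or the sample when none is given.
if [ "$#" -gt 0 ]; then
    ks_audit "$1"
else
    ks_sample | ks_audit -
fi
```

The hash finding matters because the file is fetched over FTP, HTTP or NFS at install time, so anyone who can read it can attack the hash offline.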


Starting Installation through Kickstart
After creating the Kickstart installation file, either copy it to a floppy or USB disk, or copy it to a directory shared through NFS, or make it accessible through FTP or HTTP.

If you would like to start the installation through a Kickstart answer file copied to a floppy disk:

boot: linux ks=floppy
If you're booting from the Red Hat installation CD-ROM, you can still refer to a Kickstart configuration file on a floppy disk with the following command:
boot: linux ks=hd:fd0:/ks.cfg
This assumes the Kickstart configuration file is called ks.cfg and is located on the first floppy disk on your PC. Alternatively, you can refer to the Kickstart configuration file on a hard disk with this command:
boot: linux ks=hd:hda2:/home/mj/ks.cfg
This assumes the Kickstart configuration file is called ks.cfg and is located on the second partition of the first IDE drive in the /home/mj directory. The syntax of this command certainly looks strange; it's been updated for Red Hat Linux 9 and RHEL 3.
You don't need to get a Kickstart file from a DHCP server. To boot from a specific NFS or HTTP server on the network, say with an IP address of 192.168.0.254, from the /kicks/ks.cfg file, type one of the following commands:
boot: linux ks=nfs:192.168.0.254:/kicks/ks.cfg
boot: linux ks=http://192.168.0.254/kicks/ks.cfg
However, even if you've specified a static IP address in ks.cfg, this installation looks for IP address information from a DHCP server. If not found, Anaconda continues with a standard installation, not using the Kickstart file.

Linux System Initialization:



When the system is powered on, it first performs the POST (Power On Self Test), then the BIOS initializes. The BIOS initializes the devices and selects the boot priority device.
The BIOS executes the IPL (Initial Program Locator) to execute the boot loader from the MBR to load the operating system. In RHEL 4, GRUB (Grand Unified Boot Loader) is the standard as well as the default boot loader.
The /boot directory contains the kernel, the initial RAM disk file and the boot loader configuration file.
/boot/grub/grub.conf is the main configuration file for the GRUB boot loader. A symbolic link to /boot/grub/grub.conf is created at /etc/grub.conf.
GRUB is the most useful and flexible boot loader in Linux; it supports MD5-encrypted passwords and provides a command prompt to modify or edit the boot loader parameters.
For more details of boot loader commands and other shortcuts, see the GRUB display screen, i.e. c for command, e for edit and a for append.
POST -> BIOS -> Bootloader -> Kernel -> Init

I explain how to work with the GRUB command prompt at boot time in the troubleshooting sections.

Here is the sample configuration of the GRUB boot loader.
default=0 : This line sets the default OS. 0 means the first title will be the default OS.

timeout=5 : This line defines the time to wait before loading the default OS.

splashimage=(hd0,0)/grub/splash.xpm.gz : This line defines the path and filename of the splash image. By default the splash image is /boot/grub/splash.xpm.gz. (hd0,0) means the first partition of the first hard disk.

hiddenmenu : This line defines whether to hide the title menu or not.

title Red Hat Enterprise Linux WS (2.6.9-5.EL) : Title of the OS to display on the GRUB menu.

root (hd0,0) : Treats the boot partition as the root (/).

kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet : Path of the kernel file, mounting the root (/) file system in read-only mode. rhgb quiet defines whether to start the X server to display a progress bar at boot time or not.
initrd /initrd-2.6.9-5.EL.img : Initial RAM disk file.


To install the GRUB boot loader:
grub-install /dev/hda : Installs the GRUB boot loader on the MBR.
Protecting Bootloader and Operating System.
If anyone can physically access the system, they can enter single user mode from the GRUB prompt and change the password. Is GRUB secure? Nothing is 100% secure; it is your responsibility to make the system secure.

Grub in Edit Mode
We can set one password for passing kernel arguments and another to boot the operating system. You have the choice of entering the password in plain text or encrypted.
To encrypt the password:
# grub-md5-crypt
Enter the password and it will display the output in encrypted format. You can set either an encrypted or a plain text password.
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
#password=redhat : Setting a plain text password for kernel arguments.
password --md5 <output of grub-md5-crypt> : Setting an encrypted password for passing kernel arguments. Only when the user enters this password can they modify the boot loader parameters from the GRUB prompt at boot time.

hiddenmenu
title Red Hat Enterprise Linux WS (2.6.9-5.EL)
#password=redhat : Setting the OS load password. When a user tries to load the operating system, it will ask for the password; the operating system will load only if the user gives the correct one.
password --md5 <output of grub-md5-crypt>

root (hd0,0)
kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.9-5.EL.img : Initial RAM disk file.
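
The two password placements described above can be checked mechanically. The following is an added example, not part of the original guide: it reads a grub.conf and reports whether the password before the first title (which guards editing of kernel arguments) and the password inside each title block (which guards booting that entry) are absent, plain text or MD5. The names grub_check and grub_edit_protected, the output labels and both sample files with their placeholder hash are constructed for this illustration.

```shell
#!/bin/sh
# Added example: report which password protection a GRUB (legacy) grub.conf
# actually has. Function names and output labels are hypothetical.

# grub_check FILE  ("-" reads standard input)
# Prints "ENTRY:<open|plaintext|md5>:<title>" for every title block, then
# "GLOBAL:<none|plaintext|md5>" for the password set before the first title.
grub_check() {
    awk '
    # Classify a password line: "password --md5 HASH" or "password[=]TEXT".
    function kind(line,    rest) {
        rest = line
        sub(/^[ \t]*password[ \t=]+/, "", rest)
        return (rest ~ /^--md5[ \t]/) ? "md5" : "plaintext"
    }
    function emit() { if (title != "") print "ENTRY:" prot ":" title }

    /^[ \t]*#/ { next }                  # "#password=redhat" sets nothing
    /^[ \t]*title[ \t]/ {
        emit()
        title = $0
        sub(/^[ \t]*title[ \t]+/, "", title)
        prot = "open"
        next
    }
    /^[ \t]*password[ \t=]/ {
        if (title == "") global = kind($0)   # guards editing kernel arguments
        else             prot   = kind($0)   # guards booting this entry
    }
    END {
        emit()
        print "GLOBAL:" (global == "" ? "none" : global)
    }
    ' "$1"
}

# Succeeds only when boot-time editing is guarded by an MD5 password.
grub_edit_protected() {
    grub_check "$1" | grep -q '^GLOBAL:md5$'
}

# Constructed sample following the protected configuration shown above.
grub_sample_protected() {
    cat <<'EOF'
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
#password=redhat
password --md5 $1$CONSTRUC$placeholderHashValue00
hiddenmenu
title Red Hat Enterprise Linux WS (2.6.9-5.EL)
        #password=redhat
        password --md5 $1$CONSTRUC$placeholderHashValue00
        root (hd0,0)
        kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
        initrd /initrd-2.6.9-5.EL.img
EOF
}

# Constructed sample: no global password, plain text password on the entry.
grub_sample_open() {
    cat <<'EOF'
default=0
timeout=5
hiddenmenu
title Red Hat Enterprise Linux WS (2.6.9-5.EL)
        password=redhat
        root (hd0,0)
        kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
        initrd /initrd-2.6.9-5.EL.img
EOF
}

# Check the file named on the command line, or the protected sample.
if [ "$#" -gt 0 ]; then
    grub_check "$1"
else
    grub_sample_protected | grub_check -
fi
```

A result of GLOBAL:none means the single user mode route described above is open to anyone at the console, whatever the per-entry passwords say.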







When you select the operating system from the boot loader, the kernel of the OS starts to boot the system. The kernel recognizes the devices connected to the system and loads modules (drivers) to recognize the devices or to support extra file systems.
When the kernel has performed these tasks, it hands over to the init program. Init is the most important program in the Linux operating system; it starts the non-TCP/IP services in Linux by reading the configuration from /etc/inittab.

Here is the sample /etc/inittab configuration file:
id:5:initdefault:

# System initialization.
si::sysinit:/etc/rc.d/rc.sysinit

l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6

# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now

# When our UPS tells us power has failed, assume we have a few minutes
# of power left.  Schedule a shutdown for 2 minutes from now.
# This does, of course, assume you have powerd installed and your
# UPS connected and working correctly.
pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"

# If power was restored before the shutdown kicked in, cancel it.
pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"


# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon


Standard Run Level in Linux

0 - halt
1, s, single - Single user mode
2 - Multi user
3 - Full multi user mode
4 - unused
5 - Multi user with GUI (Graphical User Interface)
6 - reboot

The runlevel command displays the current and previous runlevel.
init <runlevel> changes the runlevel in the current session.

The init program reads the configuration from /etc/inittab to identify the default runlevel as well as to execute the runlevel-specific scripts.

id:5:initdefault:
The above line in the /etc/inittab file defines the default runlevel in which to boot the system. If you leave the runlevel value blank, the system will boot in runlevel 9, which is undefined.

If you pass another runlevel from the boot loader, it will override the default runlevel specified in /etc/inittab.
Example:
Press the a shortcut at the GRUB prompt and type the runlevel in which to boot the system.
ro root=LABEL=/ rhgb quiet s

When you pass the s argument, the system will boot in single user mode.

The lines below define the system initialization and runlevel-specific scripts.
si::sysinit:/etc/rc.d/rc.sysinit : System initialization script; init executes the rc.sysinit script first to initialize the system.

l0:0:wait:/etc/rc.d/rc 0 : Runlevel-specific scripts for runlevel 0

l1:1:wait:/etc/rc.d/rc 1 : Runlevel-specific scripts for runlevel 1

l2:2:wait:/etc/rc.d/rc 2 : Runlevel-specific scripts for runlevel 2

l3:3:wait:/etc/rc.d/rc 3 : Runlevel-specific scripts for runlevel 3

l4:4:wait:/etc/rc.d/rc 4 : Runlevel-specific scripts for runlevel 4

l5:5:wait:/etc/rc.d/rc 5 : Runlevel-specific scripts for runlevel 5

l6:6:wait:/etc/rc.d/rc 6 : Runlevel-specific scripts for runlevel 6
The init program reads the /etc/inittab file and by default provides 6 terminals for console logins and one for GUI logins.
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6
You can add more terminals in the /etc/inittab file:
8:2345:respawn:/sbin/mingetty tty8
After writing this line, either reboot the system or use the init q command to re-examine the /etc/inittab file.

Controlling Services:
A daemon is a service that runs in the background and provides system services. In Redhat Enterprise Linux two types of services are available.
i. Standalone
ii. Transient or controlled by xinetd
Standalone services are located in /etc/init.d. They can start or stop without depending on other services.
To check the status of a service:
# service servicename status
To start the service:
# service servicename start
To restart the service:
# service servicename restart
To stop the service:
# service servicename stop
The service command starts or stops the service for the current session. To start or stop the service automatically at the next reboot, you should set its on or off status using the chkconfig, ntsysv or system-config-services command.
# chkconfig --list : Lists all services with their runlevel-specific on or off status.
# chkconfig servicename on : The service will start automatically on reboot.
# chkconfig servicename off : The service will not start on reboot.
# chkconfig --add servicename : Adds the service to the service list.
# chkconfig --del servicename : Deletes the service from the service list.
Another way to turn a service on or off is the ntsysv tool. When you enter the ntsysv command on the console, you will get a dialog in which you can select the services you want to start at boot time and de-select those you do not want to start at boot time.
Dialog of ntsysv

If you enjoy working with GUI tools, there is a tool to manage services named system-config-services. Using this dialog you can start, stop or restart a service for the current session, as well as turn the service on or off for the next boot.
Dialog of system-config-services


Transient Service:
A transient service is also a background service, controlled by the xinetd super daemon. All transient daemons reside in the /etc/xinetd.d directory. E.g. telnet, rlogin etc. are called transient daemons.
To start or stop a transient service:
# chkconfig telnet <on|off>
To list the status of a transient daemon:
# chkconfig --list servicename
After changing the status of any transient service, you should restart the xinetd service.
# service xinetd restart

Virtual File System
/proc is called the virtual file system; it is created at boot time and cleaned up entirely at shutdown time.
/proc contains lots of files and subdirectories:
1     2039  2336  3021    buddyinfo    fs           meminfo     sys
107   2059  2349  31      bus          ide          misc        sysrq-trigger
1420  2093  2360  3130    cmdline      interrupts   modules     sysvipc
1421  21    2369  3132    cpuinfo      iomem        mounts      tty
1422  2161  2370  3164    crypto       ioports      mtrr        uptime
1423  2171  2371  32      devices      irq          net         version
1424  2183  2372  33      diskstats    kallsyms     partitions  vmstat
189   2261  2373  4       dma          kcore        pci
2     2271  2374  5       driver       kmsg         self
20    2281  2873  994     execdomains  loadavg      slabinfo
2007  2307  3     acpi    fb           locks        stat
2011  2326  30    asound  filesystems  mdstat       swaps

The numbers are the process IDs of processes running in the current session.
cmdline : Contains the parameters passed at boot time from GRUB.
cpuinfo : Information about the CPU.
devices : All devices recognized by the kernel.
filesystems : Modules loaded to support filesystems.
partitions : Record of all partitions created on your system.
mdstat : Status of software RAID devices.
swaps : Virtual memory (swap).
modules : Modules currently loaded by the kernel.
ide : Information about IDE drives.
scsi : Information about SCSI drives.
Enabling IP Forwarding:

A Linux system can be used as a router box. A router enables inter-network communication. To use the Linux system as a router, you should enable IP forwarding.
# echo 1 > /proc/sys/net/ipv4/ip_forward

If ip_forward's value is 1, IP forwarding is enabled; if it is 0, IP forwarding is disabled.
A modification of the proc filesystem lasts only for the current boot session. When you change a value in /proc, the change takes effect in the kernel immediately. This means that when you set the ip_forward value to 1, it is set only for the current session. If you want IP forwarding to be enabled automatically at the next boot, set the following in /etc/sysctl.conf:
net.ipv4.ip_forward = 1



Controlling Modules:

The Linux kernel loads modules to support hardware as well as some supplementary file systems. Generally modules reside in the /lib/modules/<KernelVersion> directory. At boot time the kernel loads the modules needed to recognize devices or to support supplementary file systems.

The /lib/modules/<KernelVersion>/modules.dep file contains the list of module dependencies generated by the depmod command.


Command    Description
lsmod      List all loaded modules
modprobe   Program to add or remove modules from the Linux kernel
depmod     Generates the module dependencies file
modinfo    Displays the module information
insmod     Program to insert a module into the kernel
rmmod      Program to remove a module from the kernel

The /etc/modprobe.conf file contains aliases to module names, together with alias names and parameters. These aliases are created at Linux boot time. See this sample of /etc/modprobe.conf.

alias eth0 8139too
alias snd-card-0 snd-intel8x0
options snd-card-0 index=0
install snd-intel8x0 /sbin/modprobe --ignore-install snd-intel8x0 && /usr/sbin/alsactl restore >/dev/null 2>&1 || :
remove snd-intel8x0 { /usr/sbin/alsactl store >/dev/null 2>&1 || : ; }; /sbin/modprobe -r --ignore-remove snd-intel8x0
alias usb-controller ehci-hcd
alias usb-controller1 uhci-hcd

The first line of /etc/modprobe.conf contains the alias name eth0 for the module 8139too. Users refer to the device by the name eth0 (the first Ethernet card's device name), but it is not actually the device, just an alias to the device's module.

Creating and Managing Partitions
We divide a single large disk into multiple partitions for performance and security, and so that quotas can be implemented on individual filesystems. Partitions can be either primary or logical. Primary partitions contain the operating system's files needed to load the OS, and logical partitions are created under the extended partition.
Device Conventions:
/dev/hda : Primary Master
/dev/hdb : Primary Slave
/dev/hdc : Secondary Master
/dev/hdd : Secondary Slave
Example: /dev/hda3 : Third partition of the primary hard disk.
/dev/fd0 : Device of the first floppy disk
/dev/sda : First SCSI disk
You can create partitions on a hard disk using different tools, for example fdisk, sfdisk, GNU parted etc. There is a limitation when creating partitions using fdisk, because you are only able to create a maximum of 16 partitions.
# fdisk -l : Lists all partitions created on your Linux system
# fdisk /dev/hda : Enters fdisk mode


You can use the m shortcut to display all available options. Some important options:
n : Create new partition
d : Delete existing partition
t : Change system ID type
q : Quit without saving
w : Write and save
Create the partition with your desired size and system ID, then save and exit from fdisk. By default a partition is created with the Linux native system ID, 83. Likewise swap has system ID 82, RAID partitions have fd, LVM has 83, etc. So to change the system ID as you require, use the t shortcut.


Creating Filesystem
We have the mkfs or mke2fs command to create ext2, ext3, vfat etc. file systems in Linux.
Syntax:
# mkfs -t <fstype> device
# mke2fs <options> device
Example: # mkfs -t ext3 /dev/hda8 : Creates the ext3 filesystem on /dev/hda8.
Mounting Filesystem:
The mount process brings an external device or other device into the hierarchy of the Linux system. Before any other filesystem can be accessed, it must be brought into the Linux filesystem tree. The mount command brings other filesystems into the Linux filesystem tree.
Syntax: # mount -t <fstype> -o options device mountpoint
The filesystem type can be ext2, ext3, vfat, iso9660 etc. When you mount without specifying any mount options, the default options are rw, suid, exec, dev, auto, nouser and async.
Mount Options
Options   Description
rw        Mount in read and write mode
suid      Mount with SUID bit
exec      Can execute files on this filesystem
auto      Automount
nouser    Other users can't unmount or remount the filesystem
async     Mount in async mode
You can use the opposite mount options: ro, nosuid, noexec, nodev, noauto, user and sync.

Example:
# mount -t ext3 -o ro /dev/hda16 /data
# mount -t iso9660 -o ro /dev/hdb /media/cdrom
When you mount a filesystem using the mount command, it is mounted only for the current session. To mount it automatically at boot time, you need to write it in the /etc/fstab file. At boot time the rc.sysinit file mounts all filesystems written in /etc/fstab.
Pattern of /etc/fstab
Device   mount point   filesystem   mount options   dump frequency   fsck order
Example:
/dev/hda16 /data ext3 defaults 0 1

Setting Label on device
We can set a label name on an ext2/ext3 formatted filesystem using the e2label command, or at filesystem creation time using the -L option of the mke2fs command. One of the benefits of setting a label is that there is no need to remember the device name; the device can be used just by its label name.
# e2label /dev/hda16 /mydrive
Now mount using the label name:
# mount -L /mydrive /data
or
# mount LABEL=/mydrive /data
Similarly, in /etc/fstab a filesystem can also be mounted using its label name.
Example:
LABEL=/mydrive /data ext3 defaults 0 0
Mounting Other Filesystem like NFS
Devices are locally connected to the system, but you should also be able to mount an NFS (Network File Services) share on your local system.
The showmount command displays all directories shared from a particular system.
# showmount -e server
# mount -t nfs server:/path mountpoint : Mounts the NFS share for the current session.
If you would like to mount the NFS share automatically at boot time, use the fstab file, which mounts filesystems automatically at boot time.
Syntax of fstab file:
Device   mount point   filesystem   mounting options   dump frequency   fsck order
Example: server1.example.com:/data   /data   nfs   defaults   0 0 : Mounts the directory /data shared from server1.example.com onto the local directory /data.
Samba Client:
The NFS service is used to share resources between Linux or Unix environments. If you have Microsoft Windows and Linux, you need Samba to access the resources. The Samba client is the tool used to access Windows shares from Linux.
# smbclient -L //windows1 -U username : Lists all shares on windows1
# smbclient //windows1/test -U username : Connects to the shared directory test to download or upload files
# smbmount //windows1/test /mnt/samba -o username=user1 : Mounts the test directory of the windows1 system on the samba directory in /mnt.
# smbumount /mnt/samba : Unmounts the Samba share mounted on /mnt/samba
# mount -t smb -o username=user1 //windows1/test /mnt/samba : Mounts the test directory of the windows1 system on the samba directory in /mnt.
# umount /mnt/samba : Unmounts the Samba share mounted on /mnt/samba
Network Configuration
The Linux system recognizes network devices as eth0, eth1, etc. for Ethernet cards, tr0, tr1, etc. for Token Ring and fddi0, fddi1, etc. for FDDI interfaces.
To recognize all these network devices, the kernel loads modules from the /lib/modules directory.
The /etc/sysconfig/network file is called the global network configuration file; it contains the global parameters for network configuration.
NETWORKING=yes|no
HOSTNAME=station?.example.com
GATEWAY=X.X.X.X
NISDOMAIN=example.com
To enable networking on your system, the value of NETWORKING should be yes. Some services depend on this parameter and require NETWORKING=yes. The hostname command prints or sets the hostname for the current session, but to set the hostname permanently on your system, you should specify the hostname in the HOSTNAME= parameter. The GATEWAY parameter defines the global default gateway, and the last one, NISDOMAIN, defines the domain for NIS.
The /etc/sysconfig/network-scripts/ifcfg-eth? file is called the interface-specific file and is used to configure a specific interface. Generally the interface-specific file contains the following parameters:
DEVICE=devicename
ONBOOT=yes|no
BOOTPROTO=static|dhcp
IPADDR=X.X.X.X
NETMASK=X.X.X.X
GATEWAY=X.X.X.X
The DEVICE parameter defines the device name of the configuration, which is the same as in ifcfg-eth?. The ONBOOT parameter defines whether the interface is brought up automatically at boot time or not. If you set yes, the interface is enabled at boot time; otherwise you must start the interface manually. BOOTPROTO defines the boot protocol, either static or dhcp. If you use static, you should assign the IP address and subnet mask manually; if you set dhcp, the IP address, netmask and other information are assigned by the DHCP server. GATEWAY is the interface-specific gateway parameter, which overrides the global gateway parameter.
# ifconfig : Displays information about the interfaces connected to the system.
# ifdown eth0 : Brings the interface down
# ifup eth0 : Brings the interface up
Whenever you change the configuration in the /etc/sysconfig/network file, you should restart the network service. Similarly, after changing the configuration of an interface, you should bring it down and up once.
Assigning Multiple IP Address on Interface
For routing you can assign multiple IP addresses to the same interface. On one physical interface we can assign up to 256 IP addresses.
# vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
IPADDR=x.x.x.x
NETMASK=x.x.x.x
# ifdown eth0
# ifup eth0
If you want to assign more IP addresses by range:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0-rangeX
IPADDR_START=x.x.x.x
IPADDR_END=x.x.x.x
CLONENUM_START=x
# ifdown eth0
# ifup eth0
Now you can verify using the ifconfig command.
There is one console-based configuration tool, netconfig. You can assign the IP address, netmask, gateway and DNS server using the netconfig tool.

If you enjoy working with Redhat's GUI environment, there is another tool to configure the network: system-config-network

Working with routing Table
You can configure the routing table to distribute the routing path. If you are using Linux as a router box, you should maintain the routing table.
# route -n or netstat -rn : Prints the routing table configured on the Linux system.
# route add -net 192.168.1.0 netmask 255.255.255.0 gw server1.example.com : Adds an entry to the routing table saying that packets for the 192.168.1.0 network should go through server1.example.com.
# route add -net 192.168.5.0 netmask 255.255.255.0 dev eth1 : Packets to the 192.168.5.0 network should go through the eth1 device.
Static Routing:
Static routes are set on a per-interface basis. To create a static route:
# vi /etc/sysconfig/network-scripts/eth?.route
ADDRESS0=x.x.x.x
NETMASK0=x.x.x.x
GATEWAY0=x.x.x.x
The address and netmask parameters represent the address and subnet mask of the remote network. The gateway parameter defines the path to reach the remote network.

DNS Client Configuration
DNS (Domain Name Server) resolves names to IPs and IPs to names; DNS also defines the Mail Exchanger for a particular domain. When a user tries to access a host by name, the request goes to the DNS server to resolve that name to an IP address, because the system always works on logical addresses. So we can specify the DNS server in the /etc/resolv.conf file.
Example: /etc/resolv.conf
nameserver x.x.x.x
nameserver x.x.x.x
# host www.abc.com : The host command sends a request to the DNS server to resolve www.abc.com and displays the IP address associated with www.abc.com.
# dig www.abc.com : The dig command sends requests to the DNS server to resolve www.abc.com and displays the IP address associated with www.abc.com.
# nslookup www.theexamking.com : nslookup is also a DNS client tool, which sends the request to the DNS server to resolve the name into an IP address.

Package Management
The RedHat Package Manager (RPM) provides the standard way of managing packages on Enterprise Linux. Using the RedHat Package Manager, we can install, upgrade and remove groups of applications or utilities.
Generally we need to check the integrity of a package, install, upgrade, remove, etc. The RPM package manager maintains the local rpm database in the /var/lib/rpm directory. When you send queries about a package (whether it is installed or not, the installed version, all installed packages, the integrity of a package), it checks the local database.
Querying the Package
#rpm -q setup
setup-2.5.27-1
When you query for a specific package and the package is installed on the system, it is displayed with its package version and full name from the local RPM database.

Querying and list All Installed Package
# rpm -qa

Checking the owner package
[root@example ~]# rpm -qf /bin/echo
coreutils-5.2.1-31
To install the package:
# rpm -ivh packagename
Where -i means install, -v means verbose and -h means display the hash marks of progress.
To Upgrade Package
# rpm -Uvh packagename
Where -U means upgrade if a lower version is installed, else install a new copy; -v and -h mean verbose and hash marks. When you upgrade a package, the configuration file of the old package is renamed by adding the .rpmsave extension.

# rpm -Fvh packagename
Where -F means upgrade the package only if a lower version is installed, -v means verbose and -h means display the hash marks.

To query the information of package
# rpm -qi packagename
To List all files belongs to package
# rpm -ql packagename

When you install a package, the package's record is maintained in the local database /var/lib/rpm. Later you can verify the size, owner, permission, MD5 sum and modify time against the RPM database.
# rpm -V packagename or rpm --verify packagename
Example:
[root@example ~]# rpm -V httpd
S.5....T c /etc/httpd/conf/httpd.conf

The verification produces some output. While verifying a package you can get the following characters:

S   File size differs
M   Mode differs (includes permissions and file type)
5   MD5 sum differs
D   Device major/minor number mismatch
L   readLink(2) path mismatch
U   User ownership differs
G   Group ownership differs
T   mTime differs
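
The flag characters above are easier to triage when decoded per file. The following is an added example, not part of the original guide: it turns rpm -V output lines into readable differences and marks non-configuration files whose checksum, mode or ownership changed for review, since a changed config file is usually an administrator edit while a changed binary is not. The function name rpmv_decode, the review/note labels and all sample lines except the httpd.conf line from the text are assumptions.

```sh
#!/bin/sh
# Added example: decode "rpm -V" output lines using the flag table above.

# Sample input: the first line is the one shown in the text, the rest are
# constructed for illustration.
SAMPLE_RPMV='S.5....T c /etc/httpd/conf/httpd.conf
.M...... /usr/sbin/httpd
S.5....T /usr/sbin/apachectl
.......T c /etc/httpd/conf/magic
missing /var/www/icons/README'

# rpmv_decode: rpm -V lines on stdin -> "priority|kind|path|differences"
# priority is "review" for non-config files whose content, mode or ownership
# changed and for missing files, and "note" otherwise.
rpmv_decode() {
    awk '
    BEGIN {
        name["S"] = "size";   name["M"] = "mode";  name["5"] = "md5"
        name["D"] = "device"; name["L"] = "link";  name["U"] = "user"
        name["G"] = "group";  name["T"] = "mtime"
    }
    NF < 2 { next }
    {
        path = $NF                              # assumes no spaces in the path
        kind = (NF >= 3 && $2 == "c") ? "config" : "file"
        if ($1 == "missing") { print "review|" kind "|" path "|missing"; next }
        list = ""; hot = 0
        for (i = 1; i <= length($1); i++) {
            ch = substr($1, i, 1)
            if (!(ch in name)) continue         # "." passed, "?" could not test
            list = list (list == "" ? "" : ",") name[ch]
            if (ch == "5" || ch == "M" || ch == "U" || ch == "G") hot = 1
        }
        prio = (hot && kind == "file") ? "review" : "note"
        print prio "|" kind "|" path "|" list
    }'
}

# Stand-alone run over the sample.
printf '%s\n' "$SAMPLE_RPMV" | rpmv_decode
```

On a live system the same function can read `rpm -Va` output to cover every installed package.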
When you use the Redhat-distributed Redhat Enterprise Linux, Redhat signs all package files with the GPG private signature. You can get a file named RPM-GPG-KEY, which contains the signature of all packages. First you should import that key into your local database; then, before installing any package, you can verify the integrity of the package.
# rpm --import RPM-GPG-KEY
# rpm --checksig packagename
RPM Dependencies Resolution
When you try to install a new package, it displays messages about dependencies. Identifying and installing the dependency packages takes a long time. There is an option, --aid, which resolves the dependencies automatically.
# rpm -ivh --aid packagename
Installing Package using Package Management tool
There is a graphical package management tool to manage packages.
# system-config-packages

When you open this dialog, it checks for the backup of all packages on the local CD. If you want to specify an alternative location:
# system-config-packages --tree=ftp://server1.example.com/pub
# system-config-packages --tree=http://server1.example.com/rhel4
# system-config-packages --tree=/backup

Installing Kernel
The kernel is called the core of the operating system. You should be able to install and uninstall a kernel provided in rpm format. Keep one caution in mind before upgrading the kernel: when you upgrade, the lower version of the kernel is removed. If some hardware is not supported by your new kernel, what will happen? You will need to re-install. So in the case of the kernel it is better to install the new kernel, check the performance and hardware support of the new kernel, and then manually remove the old version of the kernel.
# rpm -ivh kernel-version
When you install a new kernel, its record is automatically added to the boot loader configuration file.
User and Group Administration
When you log in to the system, you need to supply your identity to the system; that identity is called the user. One user can belong to several groups; a group is the representative name of a set of users.
The /etc/passwd file is called the user database file, which maintains the record of all created users. The /etc/shadow file contains the MD5 encrypted user passwords.
See the example:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
The pattern of the /etc/passwd file is:
loginname:password:UID:GID:comment:home directory:login shell
Similarly, the users' encrypted passwords are stored in the /etc/shadow file:
root:$1$pPOCmMEL$GpUuTtSZUcFh0QQnbrNyS0:13352:0:99999:7:::
bin:*:13345:0:99999:7:::
daemon:*:13345:0:99999:7:::
adm:*:13345:0:99999:7:::
lp:*:13345:0:99999:7:::
sync:*:13345:0:99999:7:::
shutdown:*:13345:0:99999:7:::
halt:*:13345:0:99999:7:::
In Redhat Enterprise Linux, when you create a user, a group with the same name as the user is created at the same time. That group is called the user's private group. When you create either a user or a group, the system assigns a new unique ID called the User ID or Group ID. All created group information is stored in the /etc/group file.
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
Command         Description
id              Displays user and group ID
groups          Displays the names and IDs of all groups the user belongs to
whoami          Displays logon name
w, who, users   Displays the names of all logged-on users
useradd         Adds the user to the system
userdel         Deletes the user from the system
groupadd        Adds the group to the system
groupdel        Deletes the group from the system
passwd          Changes the password of a user
Example:
# useradd user1
# passwd user1
# groupadd training
# groupdel training
When you create the user named user1, the system adds a record to the /etc/passwd file, the /etc/shadow file, the /etc/group file and the /var/spool/mail/user1 file, and also creates the home directory. By default it creates a group with the same name as the created user and makes that user belong primarily to that group.
Generally the primary group is used to define ownership: the group owner of a file/directory or process will be the primary group of the user, while the supplementary groups are used to access resources.
In Linux every file or directory is owned by some user and some group. Permissions are also defined for the owner user, the owner group members and others.
-rw-r--r-- 1 user1 admin 5 Jul 26 14:46 rhce
The second, third and fourth characters represent the permission of the owner user user1. The fifth, sixth and seventh represent the permission of the admin group members. The eighth, ninth and tenth characters represent the permission of others. Here others means anyone who is neither the owner user nor an owner group member.
Modifying User Accounts
The usermod command helps to modify user accounts. By default a user's home directory is created in /home, the password never expires, normal user IDs are assigned starting from 500, etc. These default properties are read from the /etc/default/useradd and /etc/login.defs files.
When a user is created on a Linux system, one group is created with the same name as the user, and the user is made to belong primarily to that group.
Syntax: usermod [options] username

Option  Description and example
-s      By default bash is assigned to every user in RHEL 4. Using the -s option of the usermod command you can change the login shell.
        Example: usermod -s /bin/sh user1
-d      By default a user's home directory is created in /home/username; using the -d option you can change the user's home directory.
        Example: usermod -d /rhome/user1 user1
-g      By default a user belongs primarily to the group created at user creation time; using the -g option you can change the primary group of the user.
        Example: usermod -g training user1
-G      Using the -G option we can make a user belong to more than one group to gain access permissions.
        Example: usermod -G admin user1
-L      Lock the user account.
        Example: usermod -L user1
-U      Unlock the user account.
        Example: usermod -U user1
-e      Set the account expiry time.
        Example: usermod -e date user1
Setting password policies
In RHEL 4 the password never expires by default, and nothing forces a change of the user's password. When creating a user on a Linux system, it reads the default configuration to assign to users from the /etc/login.defs and /etc/default/useradd files. You can see in this file that the password never expires.
Here is the default Configuration of /etc/login.defs
# *REQUIRED*
#   Directory where mailboxes reside, _or_ name of file, relative to the
#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
#   QMAIL_DIR is for Qmail
#
#QMAIL_DIR      Maildir
MAIL_DIR        /var/spool/mail
#MAIL_FILE      .mail

# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN         500
UID_MAX         60000

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN         500
GID_MAX         60000

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD    /usr/sbin/userdel_local

#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is ORed with the -m flag on
# useradd command line.
#
Syntax: chage [options] user

Option  Description and example
-M      Maximum number of days a password may be used.
        Example: chage -M 20 user1
-m      Minimum number of days allowed between password changes.
        Example: chage -m 10 user1
-W      Number of days warning given before a password expires.
        Example: chage -W 5 user1
-I      Number of days the account should be inactive before the password expires.
        Example: chage -I 2 user1
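
The aging values set with chage are stored per account in /etc/shadow, where the fifth field holds the maximum password age (99999 in the defaults shown above). The following is an added example, not part of the original guide: it lists every account that can log in with a password together with its hash type and whether its maximum age exceeds a chosen policy limit. The function name shadow_aging_report, the 90-day limit in the sample run and the sample records with their placeholder hashes are assumptions.

```sh
#!/bin/sh
# Added example: check /etc/shadow-style records against an aging policy.

# Constructed records in /etc/shadow layout; the hashes are placeholders.
SAMPLE_SHADOW='root:$1$SALTSALT$PLACEHOLDERHASH0000000:13352:0:99999:7:::
bin:*:13345:0:99999:7:::
user1:$1$SALTSALT$PLACEHOLDERHASH0000001:13400:10:20:5:2::
user2::13400:0:99999:7:::
user3:!!:13400:0:99999:7:::'

# shadow_aging_report MAXDAYS: shadow text on stdin ->
# "name hash-state aging" for every account that can log in with a password.
#   hash-state: md5 ($1$ prefix), other-hash, or empty-password
#   aging:      ok, or exceeds-policy when field 5 is unset or above MAXDAYS
shadow_aging_report() {
    awk -F: -v limit="$1" '
    NF < 5 { next }                              # not a shadow record
    $2 ~ /^[*!]/ { next }                        # locked or no password login
    {
        if ($2 == "") {
            state = "empty-password"
        } else if ($2 ~ /^\$1\$/) {
            state = "md5"
        } else {
            state = "other-hash"
        }
        if ($5 == "" || $5 + 0 > limit + 0) {
            aging = "exceeds-policy"
        } else {
            aging = "ok"
        }
        print $1, state, aging
    }'
}

# Stand-alone run over the constructed sample with a 90-day policy.
printf '%s\n' "$SAMPLE_SHADOW" | shadow_aging_report 90
```

An account reported as exceeds-policy can be brought into line with chage -M, and one reported as empty-password needs a password set or the account locked with usermod -L.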
Redhat User and Group Manager
If you enjoy working with Redhat's User and Group Manager, you can use the GUI version of this tool to create, delete and modify user accounts.
Click Applications > System Settings > User and Group



Changing Ownership
Every resource is owned by one particular user as well as that user's private group. Later the administrator can change the ownership of a file or directory using the chown or chgrp command.
Syntax: chown [-R] user:group file/directory
Where the -R option means recursive. It changes the owner of all files as well as all sub-directories.
Example: chown -R user1:admin /data : Changes the owner of /data to user user1 and the group owner to admin.
If you would like to change the group ownership only, you can use the chgrp command.
Example: chgrp admin /data : Changes the group owner of /data to admin.
Changing Permission
Every resource is controlled by the permissions of the owner user, the owner group members and others.
-rw-r--r-- 1 narayan admin 5 Jul 26 14:46 rhce
The chmod command is used to change the permission of a file or directory.
# chmod u+rwx /data : Sets the read, write and execute permission on the /data directory for the owner user.
# chmod g+rwx /data : Sets the read, write and execute permission on /data for the owner group members.
# chmod o-rwx /data : Removes the read, write and execute permission from others.
Here the + operator adds the permission and the - operator removes the permission. You can also assign permissions by the numeric method.
Read    : 4
Write   : 2
Execute : 1
Total permission is 7.
# chmod 770 /data : Assigns the read, write and execute permission to the owner user and all owner group members, but no permission to others.
# chmod 754 /data : Assigns the read, write and execute permission to the owner user, read and execute permission to group members and read-only permission to others.
Special Permission:
1. SUID or SGID bit on Executable File:
Like files or directories, processes also run under some ownership. By default a process starts under the ownership of the executer. That means whoever executes the command, the process starts under the ownership or security context of that user or group.
When the SUID or SGID bit is set on the executable file, the process starts under the security context of the file owner rather than the executer.
Example: When user1 uses the cat command, the process starts under user1's ownership. But when we set the SUID or SGID bit on the cat command, the process always starts under root's ownership because root is the owner of the cat command.
# chmod u+s file
# chmod g+s file
# chmod u-s file
Before setting SUID or SGID, the permission looks like this:
-rwxr-xr-x 1 root root 19140 Oct 5 2004 /bin/cat
When you set the SUID and SGID bits you will get:
-rwsr-sr-x 1 root root 19140 Oct 5 2004 /bin/cat
The SUID or SGID bit appears in the user and group permission in place of x. If s appears in lower case, it means with execute permission. If it appears as capital S, then SUID or SGID is set without x permission.
2. SGID bit on directory
By default files or directories are created with the ownership of the user and the user's primary group. When we set the SGID bit on a directory, the group owner of a file or sub-directory created in that directory will automatically be the group owner of the parent directory.
Example:
drwxrwx--- 3 root admin 12324 July 20 2006 12:30 data
In this output, permission is given only to the owner user and to the owner group members. When user1, who belongs to the admin group, creates a file in /data, the owner will be user1 and the group owner will be user1's primary group.
# chmod g+s /data
When you set the SGID bit on the directory and user user1 creates a file in /data, the group owner will be admin.
3. Sticky Bit
When one directory can be accessed in read, write and execute mode by more than one user, one user can remove another user's file. The sticky bit protects files from deletion by other users.
# chmod o+t /data
drwxrwx--T 3 root admin 12324 July 20 2006 12:30 data
The sticky bit appears as the t character in the execute position. If t appears in lower case, it means with execute permission, and if it appears as capital T, it means without execute permission.
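
The s/S and t/T distinction described in the three cases above maps directly onto the numeric chmod method: SUID adds 4, SGID adds 2 and the sticky bit adds 1 in a leading fourth digit. The following is an added example, not part of the original guide: it converts a mode string as printed by ls -l into its four-digit octal form, which makes an unexpected SUID or SGID bit easy to spot in a file listing. The function name mode_to_octal is an assumption, and the input is assumed to be exactly the 10-character mode field.

```sh
#!/bin/sh
# Added example: translate an "ls -l" mode string into four-digit octal.

# mode_to_octal MODESTRING -> e.g. 6755; prints "invalid" for malformed input.
mode_to_octal() {
    printf '%s\n' "$1" | awk '
    length($0) != 10 { print "invalid"; next }
    {
        special = 0
        for (k = 0; k < 3; k++) {              # 0 = user, 1 = group, 2 = others
            r = substr($0, 2 + 3 * k, 1)
            w = substr($0, 3 + 3 * k, 1)
            c = substr($0, 4 + 3 * k, 1)
            v = 0
            if (r == "r") { v += 4 }
            if (w == "w") { v += 2 }
            if (c == "x") {
                v += 1
            } else if (k < 2 && (c == "s" || c == "S")) {
                special += (k == 0) ? 4 : 2     # SUID = 4, SGID = 2
                if (c == "s") { v += 1 }        # small s: execute is also set
            } else if (k == 2 && (c == "t" || c == "T")) {
                special += 1                    # sticky bit = 1
                if (c == "t") { v += 1 }        # small t: execute is also set
            } else if (c != "-") {
                print "invalid"; next           # s or t in the wrong position
            }
            digit[k] = v
        }
        printf "%d%d%d%d\n", special, digit[0], digit[1], digit[2]
    }'
}

# Stand-alone run over the mode strings shown in the text.
for m in '-rwxr-xr-x' '-rwsr-sr-x' 'drwxrwx--T'; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```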
Assigning Permission on individual User/Group basis
There is another pair of commands, setfacl and getfacl, which set and display the permission for an individual user or an individual group.
# getfacl filename or directory : Displays the permissions assigned to users and groups.
# setfacl -m u:user10:rwx filename/directory : Sets the read, write and execute permission for user10.
# setfacl -m g:admin:rwx filename/directory : Sets the read, write and execute permission for admin group members.
# setfacl -x u:user10 file/directory : Removes the permission assigned to user user10.
# setfacl -x g:admin file/directory
Remember that to assign permissions with ACLs, the filesystem should be mounted with the acl option.
NIS Client Configuration
NIS (Network Information Server) is a traditional directory service used to manage user accounts centrally. Using NIS, you can't apply all policies for users.
NIS is an RPC (Remote Procedure Call) service, so the portmap service also needs to run on the server. NIS is not based on DNS (Domain Name Services); it binds the domain name directly with the IP address.
For RHCT, you should know how to configure the NIS client in an environment where the server is already configured.
Let's configure the NIS client using the following NIS server information:
i. NIS domain name is example.com
ii. NIS server is 192.168.0.254
iii. NIS users' home directory is in /nisusers
a. Type the authconfig or system-config-authentication command
b. Select Use NIS, then click on Next
c. Type Domain: example.com
d. Server: 192.168.0.254
e. Click on OK
It means users are authenticated from the NIS server 192.168.0.254. When a user logs in on your client machine, the home directory should be present on the logged-on system.
I have already written about the automount feature. We can mount the users' home directories on the client machine to make the users' home directories present.
a. mkdir /nisusers
b. vi /etc/auto.master
/nisusers /etc/auto.home --timeout=60
This line specifies the mount point, read from /etc/auto.home, and unmounts /nisusers if the user doesn't use it within 60 seconds.
c. vi /etc/auto.home
* -rw,soft,intr 192.168.0.254:/nisusers/&
This line specifies mounting all the contents of the /nisusers directory from the server.
d. service autofs restart : The autofs service controls the automount feature of the Linux system. After changing the configuration, you need to restart the autofs service.
e. Now log in as one of the server's users.
Managing Printer
CUPS (Common Unix Printing System), the default printing service in Redhat Enterprise Linux, supports many features such as IPP (Internet Printing Protocol) based service, control of printing jobs, etc.
a. Installing a locally connected printer
- Type the system-config-printer command
- Click on New
- Type the Queue Name (Printer Name)
- Select the Queue Type
In the GUI you will get a queue type selection screen:
- You should select locally connected if the printer is locally connected.
- If your printer server is Unix based, you should select Unix Print Queue. In the GUI version of the printer management tool you will get Network CUPS and Unix LPD; if CUPS is used as the printing server, you should use Network CUPS, and if LPRng is used, you should use Unix LPD. When you use CUPS, specify the server and the printer name as /printers/printername; when LPRng is used, specify the server and just the printer name.
- If your printer server is Windows based, you should select Windows Print Queue.
- If your printer server is Novell based, you should select Novell printer.
- If your printer is a standalone printer, select Jetdirect Print queue.
When you select a local printer device, you need to give the device name where your printer is connected. If your printer is connected to the parallel port, use /dev/lp0; if the printer is connected over USB, use /dev/usb/lp0.
If you are going to install a network-based printer, you need to pass the printer server name and print queue name.
While specifying the device, or the server and queue name, you need to select the manufacturer and model of the printer.

Select the Manufacturer and Model, then click on Next.
Click on Finish.
The CUPS printing service is controlled by the cups daemon.
When you start the cups service it reads the files
o /etc/cups/printers.conf
o /etc/cups/cupsd.conf
The /etc/cups/printers.conf file contains all printer names and other printer related parameters.
/etc/cups/cupsd.conf is the main configuration file.
Managing Printer through HTTP
CUPS has a new feature: it can be managed through a browser.
Type http://localhost:631 in your browser.

Now you will get the main CUPS page, from where you can manage jobs, printer classes, queues etc.
Here I am going to show you how to install a network based printer.
When you get the CUPS main page, click on Manage Printers.
Click on Add Printer.
Type root and the password.

Type the Queue Name, Location and Description, then continue.
Select the Device for the printer; if you are going to install a network based printer, select either http or ipp.

Type the Device URL or Address.
Example: http://server1.example.com/printers/printer1
The above example installs the network based printer named printer1 that is installed on server1.example.com.
Select the Manufacturer as well as the Model.
Click on Finish.
Now you can test using the printing commands.
Commands   Description
lpr        Sends a printing job to the printer
lpq        Prints all printing queues of the printer
lprm       Removes the queue of the printer
The X Window System
The X Window System is the foundation that provides the Graphical User Interface on Linux. The X Window System is very flexible and transparent, and is developed on a client and server architecture.
On Redhat Enterprise Linux, the X Window System has multiple Desktop Environments, Display Managers and File Managers.
i. GNOME is the default desktop on Redhat Enterprise Linux.
ii. KDE is another excellent desktop on Redhat Enterprise Linux.
Different desktops have different Display Managers.
i. GDM    Display Manager of GNOME
ii. KDM   Display Manager of KDE
iii. XDM  Display Manager of X Window
Similarly, there are different file managers: metacity for GNOME, kwm for KDE and for X window System.
The global default desktop and display manager are specified in the /etc/sysconfig/desktop file.
DISPLAYMANAGER=KDE
DESKTOP=KDE
This file is read by the /etc/X11/prefdm script, which executes at X Window System loading time.
A user can set a user specific default desktop, other than the global setting, using the switchdesk command, which creates the ~/.Xclients and ~/.Xclients-default files. When a user logs in to the GUI, the system first checks whether a user specific default desktop is specified. If it exists, it loads the user's desktop; otherwise it reads /etc/sysconfig/desktop and loads the default desktop specified in the global file.
# switchdesk GNOME
When the Display Manager is GDM, the login screen appears as in the figure below.

When the Display Manager is KDM, the login screen appears as in the following figure.

When the Display Manager is XDM, the login screen appears as in the following figure.

To start the X Window System, the runlevel should be 5, or you can load it manually using the startx command.
# init 5
# startx
While loading the X Window System, you can face different problems.
i. Misconfiguration of video card, monitor, resolution etc.
After installation, you can configure the video card, monitor type, resolution etc. by using the
# system-config-display command.
When you select the options, they are written to the /etc/X11/xorg.conf file. While loading the GUI, the system checks the configuration in /etc/X11/xorg.conf. If the file is missing it causes a problem; at that time you can solve it using the system-config-display command.
Similarly, the xfs service provides the font rendering server for the graphical interface. You should check whether this server is running or not.
# service xfs status
# service xfs start
Software RAID (Redundant Array of Inexpensive Disks)
When you use a single disk to store data, what will happen if your disk crashes? You lose all the data on your disk. This is where RAID comes in, for fault tolerance. If you are storing the data on a RAID device, the data is still available if one disk fails.
There are different levels of RAID; generally we use RAID Level 0, RAID Level 1 and RAID Level 5 in our daily work.
RAID Level 0 Also called striping without parity
RAID Level 0 is called striping. It is like a volume, which is a combination of multiple disks.
[Figure: Disk 1 (10 GB) and Disk 2 (10 GB) combined into a volume of 20 GB]
As the above figure shows, when you use two disks in RAID Level 0 you get a new volume with the combined size of the two disks.
RAID Level 0 is used just to make a volume or to increase the performance of the disk.
RAID Level 1 : Mirroring
RAID Level 1 is called mirroring: when you write data, it is written to more than one disk at a time. So, when one disk fails, the data can be recovered from another disk.
When you configure RAID Level 1, it automatically mirrors the data written on one disk to another disk, so one disk is used to hold the mirrored data. When one disk crashes, the data can be recovered from the other disk. RAID Level 1 requires a minimum of 2 disks.
RAID Level 5 : Striping with Parity
RAID Level 5 is called striping with parity: when you write data, it writes parity information onto another disk. So, when one disk fails, the data can be recovered from the other disks. In comparison with RAID Level 1, RAID Level 5 has good data read performance, but RAID Level 5 requires a minimum of 3 disks.
[Figure: RAID Level 1 - Disk 1 (10 GB) and Disk 2 (10 GB), volume of 10 GB]
[Figure: RAID Level 5 - Disk 1 (10 GB), Disk 2 (10 GB) and Disk 3 (10 GB), volume of 20 GB]
When you configure RAID Level 5, it writes the parity information onto another disk, so when one disk crashes, the data can be recovered from the other disks.

Creating RAID Level 0
# mdadm -C /dev/md0 --level=0 --raid-devices=2 /dev/hda1 /dev/hdb1
The mdadm command creates the RAID device. The above example creates the first RAID device, md0, using the /dev/hda1 and /dev/hdb1 devices.
Creating RAID Level 1
# mdadm -C /dev/md0 --level=1 --raid-devices=2 /dev/hda1 /dev/hdb1 --spare-devices=1 /dev/hdc1
This creates the device /dev/md0 with RAID Level 1. When we write data to /dev/md0 it is mirrored onto both devices, hda1 and hdb1. In addition, one disk is specified as the spare disk, which is used automatically when either hda1 or hdb1 crashes in the RAID array.
Creating RAID Level 5
# mdadm -C /dev/md0 --level=5 --raid-devices=3 /dev/hda1 /dev/hdb1 /dev/hdc1 --spare-devices=1 /dev/hdd1
This creates the device md0 with RAID Level 5. When we write data to the md0 device, it uses the disks to write the data, as well as one disk to write the parity information.
Remember that you need to create these partitions in
Software RAID Type with System ID FD.

After creating the RAID device, you need to create the filesystem
# mkfs -t ext3 /dev/md0
Or
# mke2fs -j /dev/md0
Mounting RAID Device
# mkdir /data
# mount /dev/md0 /data
To mount it automatically at boot time, you need to write an entry in the /etc/fstab file
/dev/md0 /data ext3 defaults 0 0
Checking RAID Status:
# mdadm --detail /dev/md0
Simulating Failure of a RAID Array Disk
# mdadm --set-faulty /dev/md0 /dev/hda1
Removing Failed Disks from RAID Array
# mdadm --remove /dev/md0 /dev/hda1
Adding New Disk into RAID Array
# mdadm --add /dev/md0 /dev/hdd1
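The effect of the fail, remove and add steps above can be watched in /proc/mdstat, where an array that has lost a member shows fewer active devices than configured. The script below is an added example, not part of the original guide; the mdstat text is a constructed sample and the function name degraded_arrays is hypothetical.

```shell
#!/bin/sh
# Constructed sample of /proc/mdstat as it looks after
# "mdadm --set-faulty /dev/md0 /dev/hda1" (not captured from a real host).
sample_mdstat() {
cat <<'EOF'
Personalities : [raid1] [raid5]
md0 : active raid1 hdb1[1] hda1[0](F)
      10482304 blocks [2/1] [_U]

md1 : active raid5 hdg1[2] hdf1[1] hde1[0]
      20964608 blocks level 5, 64k chunk, algorithm 2 [3/3] [UUU]

unused devices: <none>
EOF
}

# degraded_arrays: reads mdstat text on stdin and prints one line for every
# array with fewer active members than configured, in the form
#   <array> <active>/<configured> failed=<devices marked (F), or none>
degraded_arrays() {
  awk '
    /^md[0-9]+ :/ {                 # array header: name, state, level, members
      name = $1; failed = ""
      for (i = 3; i <= NF; i++)
        if ($i ~ /\(F\)$/) {        # member flagged faulty, e.g. hda1[0](F)
          dev = $i
          sub(/\[.*$/, "", dev)     # strip "[0](F)" to leave the device name
          failed = (failed == "" ? dev : failed "," dev)
        }
      next
    }
    name != "" {
      for (i = 1; i <= NF; i++)
        if ($i ~ /^\[[0-9]+\/[0-9]+\]$/) {   # "[configured/active]" counter
          counts = substr($i, 2, length($i) - 2)
          split(counts, n, "/")
          if (n[2] + 0 < n[1] + 0)
            printf "%s %d/%d failed=%s\n", name, n[2], n[1], (failed == "" ? "none" : failed)
          name = ""
        }
    }
  '
}

# On a live system: degraded_arrays < /proc/mdstat
sample_mdstat | degraded_arrays
```

An empty result means every array has all of its configured members active.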

Creating RAID Device At installation Time
You can also create the RAID device at installation time. You just need to create the partitions with the Software RAID file system type. After that, click on the RAID button. Then type the mount point and choose the file system type, RAID device, RAID level and RAID members, and type the number of disks used as spare disks.
Logical Volume Manager (LVM)
I would like to introduce LVM through an example: I created the /usr partition with a size of 5000 MB and /var with 1000 MB. After some time you require more space in /var for log file management, and you have free space in /usr. Can you manage the space by dynamically increasing or decreasing the size of the partitions? Normally no; for that you need to create the LVM.
In LVM you need to create the Physical Volume, Volume Group and Logical Volume.
Creating Logical Volume
i. Create the partitions with system ID 8e.
ii. Synchronize the partition table using the partprobe command.
Create the Physical Volume
The first step in creating a Logical Volume is to create the Physical Volume. Only physical volume disks can be members of a Volume Group.
# pvcreate /dev/hda12 /dev/hda13 : This example creates /dev/hda12 as well as /dev/hda13 as physical volumes.
Creating Volume Group
A Volume Group is the group name of all its members, with the combined size of all the physical volumes that belong to it.
# vgcreate vol0 /dev/hda12 : This example creates the Volume Group named vol0 with /dev/hda12 as a member.
Creating Logical Volume
A Logical Volume is a volume allocated from the Volume Group. We use the Logical Volume.
# lvcreate -n data1 -L 50M vol0 : This example creates the Logical Volume named data1 with a size of 50M.
Similarly, you can create multiple Logical Volumes on the same Volume Group.
# lvcreate -n data2 -L 100M vol0 : This creates the second Logical Volume, named data2, with a size of 100M.
Now, to use the Logical Volumes you need to create a file system on each Logical Volume.
# mkfs -t ext3 /dev/vol0/data1
# mkfs -t ext3 /dev/vol0/data2
Now mount the Logical Volumes
# mount -t ext3 /dev/vol0/data1 /data1
# mount -t ext3 /dev/vol0/data2 /data2
If you want them mounted automatically at boot time you need to write entries in the /etc/fstab file.
/dev/vol0/data1 /data1 ext3 defaults 1 2
As I described in the features of Logical Volumes, we can resize a Logical Volume dynamically. Let's increase or decrease the size of a Logical Volume and bring it online.
# lvextend -L +20M /dev/vol0/data1 : This increases the size of the Logical Volume data1 by 20M.
If you check the size of the /data1 directory using the df command, you will get the initial size. If you want it to be the same as the Logical Volume, you need to bring the Logical Volume online by using the ext2online command (where ext2online is not shipped, resize2fs /dev/vol0/data1 grows the mounted file system instead).
# ext2online -d /dev/vol0/data1
Now the /data1 directory knows that the size of the data1 Logical Volume is 70M. You can verify this by using the df command.
You can display the properties of a Physical Volume, Volume Group and Logical Volume by using the pvdisplay, vgdisplay and lvdisplay commands.
Example:
# pvdisplay /dev/hda12
# vgdisplay vol0
# lvdisplay /dev/vol0/data1
Similarly, you can use the lvresize command to resize a Logical Volume, as well as vgextend to add a new physical volume to the Volume Group.
Example:
If you want to add /dev/hda13 to the Volume Group vol0
# vgextend vol0 /dev/hda13
Verify using the vgdisplay command.
Configuring LVM at Installation Time
If you want to configure LVM at installation time, just create the partitions with the Logical Volume file system type. Then click on LVM and specify the Volume Group.

After specifying the Volume Group name, click on the Add button and type the Logical Volume name, mount point, size and filesystem.
Implementing User Quotas

Quota keeps an individual user or group from occupying all the space available on an individual partition. The administrator can apply the quota policy on a per user or per group basis, by number of blocks or number of inodes.
Here I am going to implement quota on the users' home directories. We can set rules for how much space an individual user can occupy or how many inodes the user can use.
The quota feature is implemented in the Linux kernel; you just have to enable it on the file system using the usrquota or grpquota options while mounting the file system.
At boot time rc.sysinit reads the /etc/fstab file to mount the file systems, so you should specify the options in this file.
LABEL=/home /home ext3 defaults,usrquota,grpquota 1 2
The usrquota option enables user quota on the /home file system and the grpquota option enables group quota on the /home file system.
To enable these options you should either reboot the system or re-mount the file system.
# mount -o remount /home
Now create the blank files to store the user quota and group quota information.
# touch /home/aquota.user
# touch /home/aquota.group
Now initialize the quota database of users and groups using the quotacheck command.
# quotacheck -ugfm /home
By default only the user quota option is enabled, so if you are going to implement group quota you should use the g option.
# quotaon -ug /home
This just turns quota on for /home for users and groups.
If you want to turn quota off, use the quotaoff command.
Now set the policy for users and groups using the edquota command.
# edquota -u user1
Disk quotas for user ez (uid 504)
Filesystem   blocks   soft   hard   inodes   soft   hard
/dev/hdda6      300    400    500       20      0      0
In the above example, user1 has already occupied 300 KB; the soft limit is set to 400 KB, at which a warning is given, and 500 KB is the hard limit, which user1 cannot exceed.
Similarly, you can set the quota limit by number of inodes. Just specify the hard limit and soft limit on inodes.
Similarly, we can set the quota for group members.
# edquota -up user1 user2 user3 user4 : This transfers the policy of user1 to the other users user2, user3 and user4.
Monitoring Quota of users
# repquota /home : Reports the quota information of /home.
# quota username : Reports the quota information of an individual user.
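The repquota report is the natural input for a periodic check that finds users who have passed their soft limit before they hit the hard limit. The script below is an added example, not part of the original guide; the report text is a constructed sample and the function name over_soft_limit is hypothetical.

```shell
#!/bin/sh
# Constructed sample of "repquota /home" output (not taken from a real system).
sample_repquota() {
cat <<'EOF'
*** Report for user quotas on device /dev/hda6
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      36       0       0              4     0     0
user1     --     300     400     500             20     0     0
user2     +-     450     400     500  6days      35     0     0
user3     --     500       0       0             12     0     0
EOF
}

# over_soft_limit: reads repquota output on stdin and prints, for every user
# whose block usage exceeds a non-zero soft limit,
#   <user> used=<KB> soft=<KB> hard=<KB> left=<KB before the hard limit>
# A soft limit of 0 means "no limit", so such users are never reported.
over_soft_limit() {
  awk '
    /^-+$/ { in_table = 1; next }      # data rows start after the dashed line
    in_table && NF >= 5 {
      used = $3 + 0; soft = $4 + 0; hard = $5 + 0
      if (soft > 0 && used > soft) {
        left = (hard > 0) ? hard - used : "unlimited"
        printf "%s used=%d soft=%d hard=%d left=%s\n", $1, used, soft, hard, left
      }
    }
  '
}

# On a live system: repquota /home | over_soft_limit
sample_repquota | over_soft_limit
```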
Troubleshooting
In real-world work you can get different types of problems, and you have to face as well as solve them. I can't explain every problem you will face. Here I try to explain some important files as well as important parameters of those files.
1. Troubleshooting with networking:
i. Check whether the /etc/sysconfig/network file exists, as well as these parameters
NETWORKING=yes
HOSTNAME=?
GATEWAY=?
NISDOMAIN=?
ii. Check the interface configuration file /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static OR dhcp
IPADDR=x.x.x.x
NETMASK=x.x.x.x
GATEWAY=x.x.x.x
Check whether the device is down
# ifconfig, ifdown eth0, ifup eth0 etc
iii. Check whether the module of the device is loaded using the lsmod command, and try to manage modules using the insmod, rmmod, depmod and modprobe commands.
iv. Check whether aliases are created in the /etc/modules.conf file
v. Check the routing table or gateway
# route -n
Remove an incorrect route with the route del command and add the correct one with the route add command.
# route add -net x.x.x.x netmask x.x.x.x gw x.x.x.x
# route del -net x.x.x.x netmask x.x.x.x gw x.x.x.x
2. Troubleshooting with X Window System
Sometimes you will face problems while booting the system into runlevel 5. There are some cases in which you face problems while loading the GUI.
i. Check whether the /etc/X11/xorg.conf file exists.
ii. If it doesn't exist, configure the video card, monitor, resolution etc. using system-config-display.
iii. Check whether the xfs service is running or not.
iv. Check the default runlevel.
v. Check whether the quota hard limit has been reached.
3. Troubleshooting with System Boot
Boot related problems are the most important and need the most thought to solve. You should know which files are used at boot time and how to troubleshoot them.
i. Boot loader
Check whether the MBR (Master Boot Record) has crashed; if the MBR has crashed, the boot loader can't load the OS. Also check whether the boot loader is misconfigured.
If the problem is with the boot loader, check the configuration.
When you boot the system, you will get the grub screen to select an operating system from the list.
In the grub screen there are lots of options available. Press c for the grub prompt, e to edit the parameters, b to boot, a to append etc.
See the sample of the grub prompt:
grub> root (hd0,0)
grub> kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
grub> initrd /initrd-2.6.9-5.EL.img
grub> boot
Now, if the parameters passed are correct, you are able to boot the system successfully.

Similarly, use the different shortcuts, like e, a etc., to edit or troubleshoot.

If you forget the root password, what will you do? I already explained that there are different runlevels. You need to boot your system in single user mode.
Just press the a key in the grub screen.
You will get a line like:

kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet s
Type s at the end of the line, then press the Enter key. Now your system will boot in single user mode and root will automatically be logged in to a bash shell; just change the password and boot.
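Because appending s at the grub screen gives a root shell without asking for a password, it is worth checking that grub.conf carries a global password line (hash produced with grub-md5-crypt), which makes GRUB ask for the password before the a, e and c keys work. The script below is an added example, not part of the original guide; both configuration samples are constructed, the hash is a placeholder, and the function name grub_password_status is hypothetical.

```shell
#!/bin/sh
# Constructed grub.conf samples; the MD5 value is a placeholder, not a real hash.
unprotected_conf() {
cat <<'EOF'
default=0
timeout=5
title Red Hat Enterprise Linux
        root (hd0,0)
        kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
        initrd /initrd-2.6.9-5.EL.img
EOF
}

protected_conf() {
cat <<'EOF'
default=0
timeout=5
# hash below is a placeholder for the output of grub-md5-crypt
password --md5 $1$PLACEHOLDER$replace-with-grub-md5-crypt-output
title Red Hat Enterprise Linux
        root (hd0,0)
        kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
        initrd /initrd-2.6.9-5.EL.img
EOF
}

# grub_password_status: reads a GRUB (legacy) configuration on stdin and
# reports whether a global password line precedes the first title entry:
#   unprotected          no global password, anyone at the console can edit
#   protected-plaintext  password stored readable in the file
#   protected-md5        password stored as an MD5 hash
grub_password_status() {
  awk '
    /^[ \t]*#/ { next }              # skip comment lines
    $1 == "title" { exit }           # the global section ends at the first entry
    $1 == "password" {
      status = ($2 == "--md5") ? "protected-md5" : "protected-plaintext"
    }
    END { print (status == "" ? "unprotected" : status) }
  '
}

# On a live system: grub_password_status < /boot/grub/grub.conf
unprotected_conf | grub_password_status
protected_conf | grub_password_status
```

A password line placed inside a title entry does not count here, because it does not stop the kernel line from being edited at the menu.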

If the boot loader has crashed, you need to re-install a new boot loader. At that time, you need to start the system in rescue mode.
Booting system in Rescue Mode
i. Start the system with the RHEL 4 1st CD or the boot.iso CD
You will get the screen like this
ii. Type linux rescue at the boot prompt.
iii. Select the general options
iv. Select whether or not to use the Ethernet card and assign the IP address
v. Click on Continue
vi. Check the message that the previous partitions are mounted in the /mnt/sysimage directory.
vii. Now change the root file system
# chroot /mnt/sysimage
Now install the boot loader
# grub-install /dev/hda
ii. Kernel file: Check whether the kernel file is damaged or removed from the system; at that time, you can install it in rescue mode.
iii. Check the init configuration file /etc/inittab
iv. Check whether /etc/fstab is written in an improper way or specifies an improper file system. Remember that when there is a problem in the /etc/fstab file, the system will boot in emergency mode, which is also called file system maintenance mode. You can also boot the system manually in emergency mode
grub> kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet emergency
Just provide the root password, remount the root (/) filesystem in read and write mode, and edit the /etc/fstab file.




Section 3
RedHat Certified Engineer (RHCE)
Preparation
Can you do independently ?
Can Configure DNS Master Server ?
Can Configure and Maintain Slave DNS server ?
Can Configure DNS Global Options ?
Can Configure FTP Server ?
Can deny or allow real user or anonymous login via FTP ?
Can Configure NFS server as per needs ?
Can Configure NFS Client ?
Can Share Data through Samba for Windows Users ?
Can Share with Different Security Options ?
Can Share with user or hosts based Authentication ?
Can Share as per user needs ?
Can Configure Sendmail Server ?
Can Configure procmail and fetchmail ?
Can Configure Apache Web server for IP based web site hosting ?
Can Configure Apache web server for Name based web site hosting ?
Can Configure Apache web Server with user or hosts based Authentication ?
Can Configure Apache web server by implementing SSL ?
Can Configure Squid Proxy Server ?
Can Configure NIS Master and Slave Server ?
Can Configure Time, Origin based Login ?
Can Limit number of process or logins to users ?
Can Secure Stand Alone with TCP_Wrappers ?
Can Secure Transient Services with TCP_Wrappers ?
Can Secure Transient Services with xinetd mechanism ?
Can you Configure the Iptables firewall ?
RHCE is a 100% practical exam, so you should know everything about the above mentioned topics.
Domain Name Server (DNS)
First you should know what DNS does. I would like to go through it by example: when you try to access www.testking.com, it works and the name is easy to remember. But the system works on the basis of a logical address, called the IP address, and an address such as 202.2.2.2 is difficult to remember. This is where DNS comes in: it converts names to IP addresses and IP addresses to names, as well as defining the Mail Exchanger of the domain.
i. Resolving the host name into an IP address is called Forward Lookup
ii. Resolving the IP address into a host name is called Reverse Lookup

In Redhat Enterprise Linux, BIND (Berkeley Internet Name Domain) is used as the DNS system; it is the world's most used software.
Let's go through an example of configuring the Forward Lookup:
First you need to define the zone, which is a part of the domain. All zone information is written into /etc/named.conf.
# vi /etc/named.conf
zone "example.com" IN {
        type master;
        file "example.com.zone";
};
Figure of /etc/named.conf

Generally DNS servers are of two types: one is called the master, which has all the configuration data, and the other is called the slave, which has a backup of the master configuration. When the master DNS fails, the slave provides the service to clients.
# named-checkconf : This checks the configuration in /etc/named.conf.
/etc/named.conf is the file where we write the zone, the type of zone and the database file of the zone. If you check this file, at the top there are global options, which set the directory option to the /var/named directory.
Now you need to create the example.com.zone file in the /var/named directory.
But there is a change from RHEL 3 to RHEL 4: in RHEL 3 DNS runs on the root (/) directory, but in RHEL 4 the root directory of DNS is separated using chroot, which means that DNS now has its own root directory.
This is defined in the /etc/sysconfig/named file
ROOTDIR=/var/named/chroot
Let's create the zone database file.
Generally it stores the information in the following syntax:
[domain] [ttl] [class] [type] [rdata]
Where domain specifies the domain name; ttl, time to live, is how long the information should be cached; class is the record classification, usually IN, meaning Internet; type is the record type, such as SOA, MX or A; and rdata specifies the data for the record.
# vi /var/named/chroot/var/named/example.com.zone
$TTL 3434
@       IN SOA  example.com. admin.example.com. (
                100     ; Serial Number
                1H      ; Refresh Time
                1M      ; Retry Time
                1W      ; Expire Time
                1D      ; Minimum Time to Live
                )
; NS data must be a host name, not an IP address.
; ns1 and ns2 are example names for the two name servers.
@       IN NS   ns1.example.com.
@       IN NS   ns2.example.com.
ns1     IN A    192.168.0.1
ns2     IN A    192.168.0.2
www     IN A    192.168.0.3
ftp     IN A    192.168.0.4
The first line defines the Time to Live on caching name servers. A caching name server stores the lookup information in its cache and replies to clients from it, rather than looking it up every time.
Here the @ symbol is reserved for the zone name, example.com. Every zone should start with an SOA record, which means that this is the complete database for the particular zone and can reply to clients. admin.example.com is the email address to which DNS should send mail.
In the DNS database file, there are five time parameters
i. The first is the Serial Number. The slave tries to refresh with the master DNS server at the defined refresh time interval, but the question is when the slave should copy the master's database file after changes have occurred on the master. Remember that when you make any changes on the master, you need to increase the Serial Number. When the slave contacts the master, it checks the Serial Number; if the Serial Number is updated, the slave DNS copies the updated portion from the master.
ii. Refresh Time: Time for the slave DNS server to refresh with the master DNS server
iii. Retry Time: Time to retry if the first refresh failed
iv. Expire Time: When the domain should expire
v. Minimum Time to Live for negative answers
Now you need to specify the DNS name servers, which are specified by NS records.
I configured two DNS servers for example.com: one is the master, 192.168.0.1, and the other is 192.168.0.2, which is the slave DNS server.
Now you need to add hosts to the zone by using the A record type.
www IN A 192.168.0.3 specifies that www.example.com is 192.168.0.3, where the A record specifies the associated IP address.
Now let's specify the Mail Exchanger of the domain. The Mail Exchanger is the host which is responsible for delivering mail to the domain's users.
# vi /var/named/chroot/var/named/example.com.zone
$TTL 3434
@       IN SOA  example.com. admin.example.com. (
                100     ; Serial Number
                1H      ; Refresh Time
                1M      ; Retry Time
                1W      ; Expire Time
                1D      ; Minimum Time to Live
                )
; NS data must be a host name, not an IP address.
; ns1 and ns2 are example names for the two name servers.
@       IN NS   ns1.example.com.
@       IN NS   ns2.example.com.
ns1     IN A    192.168.0.1
ns2     IN A    192.168.0.2
www     IN A    192.168.0.3
ftp     IN A    192.168.0.4
mail    IN A    192.168.0.5
mail1   IN A    192.168.0.6
@       IN MX 5  mail.example.com.
@       IN MX 10 mail1.example.com.
See the configuration: mail.example.com is associated with 192.168.0.5 and mail1.example.com is associated with 192.168.0.6. We can specify the Mail Exchanger of the domain using the MX record type, where mail.example.com is the primary mail server for the example.com domain and mail1.example.com is the secondary mail exchanger, as specified by the numerical value. First priority is given to the host with the lowest number.
# named-checkzone example.com /var/named/chroot/var/named/example.com.zone : This checks the configuration in /var/named/chroot/var/named/example.com.zone.
# service named start | restart | status
Now configure the client's DNS servers
# vi /etc/resolv.conf
nameserver 192.168.0.1
nameserver 192.168.0.2
# host www.example.com
# nslookup ftp.example.com
# dig mail.example.com
Now it's time to configure DNS with load balancing. When you access the www.hotmail.com site, can one single host provide service to millions of users at a time? No; you need to configure more than one host for www.hotmail.com. BIND has a mechanism to redirect the requests to different hosts.
#vi / var / named/ chr oot / var / named/ exampl e. com. zone
$TTL 3434
@I N SOA exampl e. com. admi n. exampl e. com. (
100; Ser i al Number
1H; Ref r esh Ti me
1M; Ret r y Ti me
1W; Expi r e Ti me
1D; Mi ni mumTi me t o Li ve
)
@I N NS 192. 168. 0. 1
@I N NS 192. 168. 0. 2
www 0 I N A 192. 168. 0. 3
www 0 I N A 192. 168. 0. 4
www 0 I N A 192. 168. 0. 5
www 0 I N A 192. 168. 0. 6
RH302



Leading the way in IT testing and certification tools, www.testking.com

- 143 -
Now f our host s ar e conf i gur ed f or www. You need t o
conf i gur e web ser ver i n t hese f our host s t o pr ovi de
ser vi ce i n equal l oad bal anci ng.
J ust check usi ng host command on cl i ent .
Let's go with the Reverse Lookup
Reverse lookup maps an IP address to a name: when a user queries using an IP address, your DNS server should reply to the client by mapping it to a name.
# vi /etc/named.conf
zone "0.168.192.in-addr.arpa" IN {
type master;
file "0.168.192.in-addr.arpa.zone";
};
In reverse lookup you need to use the in-addr.arpa keyword because IP addresses are managed by ARPA; the type and file name are specified in the same way as before.
# vi /var/named/chroot/var/named/0.168.192.in-addr.arpa.zone
$TTL 5454
@       IN SOA  @ admin.testking.com. (
                100 ; Serial Number
                1H  ; Refresh Time
                1M  ; Retry Time
                1W  ; Expire Time
                1D  ; Minimum Time to Live
                )
; An NS record must name a host, not an IP address. ns1 and ns2 are
; illustrative host names for 192.168.0.1 and 192.168.0.2.
@       IN NS   ns1.example.com.
@       IN NS   ns2.example.com.
3       IN PTR  www.example.com.
4       IN PTR  ftp.example.com.
5       IN PTR  mail.example.com.
# service named start | restart
# host 192.168.0.3
Global Options in /etc/named.conf

directory : Path of the directory used for the zone database files. By default the /var/named directory.
allow-query : List of clients allowed to query the DNS server.
allow-transfer : Who can be a slave name server? Allowed hosts can transfer the zone database to a slave server.
forwarders : To whom the request is forwarded if this DNS server is unable to resolve the host.

Example
acl Internal { 192.168.0.0/24; 172.24.0.0/26; };
options {
directory "/var/named";
allow-query { Internal; };
forwarders { 202.2.2.2; };
allow-transfer { 192.168.0.2; };
};

In the example I created one ACL (Access Control List), which contains two different networks. The directory option holds the default directory, so zone database files should be created in this directory. Hosts from either the 0 or the 24 network can query the DNS server. If the DNS server is unable to resolve a client request it forwards the request to the next DNS server, 202.2.2.2, and 192.168.0.2 can be a slave server by copying the master DNS database.
Configuring Slave DNS server
I already mentioned that a DNS server can be either a master or a slave server. A slave provides a backup for the master server.
In my configuration example, 192.168.0.1 is the master and 192.168.0.2 is the slave server.
# vi /etc/named.conf
zone "example.com" IN {
type slave;
masters { 192.168.0.1; };
file "example.com.zone";
};
On the master you need to allow the transfer.
# service named start | restart
You may be unable to transfer the database from master to slave if the named group has no write permission on /var/named/chroot/var/named. When you examine the log file (/var/log/messages) you will see permission denied errors.

# chmod g+w /var/named/chroot/
Now restart the named service again; the database file will transfer from the master to the slave server.

RNDC (Remote Name Daemon Control) : Utility which controls the named service and uses an encrypted key to manage secure communication. /etc/rndc.conf is the main configuration file for the rndc service.
# rndc reload : reloads named through rndc, using the rndc configuration file.
If you feel the need to secure your DNS server, you'll want to change this key. The following command automatically sets up a new key in /etc/rndc.key, with a key size of 512 bits.
# rndc-confgen -a -b 512

By default in Redhat Enterprise Linux, the root server comes configured. When a user sends a request to the DNS server, the DNS server either replies to the client, forwards the request to another DNS server, or sends the request to a root name server, where all DNS records are maintained. Here is the default configuration of the root name server.
zone "." {
type hint;
file "named.ca";
};

FTP Server Configuration

FTP is the File Transfer Protocol, used to transfer files between networks. FTP services run on ports 20 and 21, where 20 is for data and 21 for user authentication.

In Redhat Enterprise Linux, vsftpd (Very Secure FTP) is used as the FTP server. You need to install the vsftpd package.
# rpm -ivh vsftpd-*
By default real users as well as anonymous can log in to the FTP server. A real user logs in to the user's home directory and anonymous logs in to the /var/ftp/ directory.

/etc/vsftpd/vsftpd.conf is the main ftp configuration file. I will go through some of the configuration in vsftpd.conf.

anonymous_enable=YES
If you want to deny anonymous you can write
anonymous_enable=no
Lines beginning with the # symbol are comments.

local_enable=YES
Whether login is allowed to real users or not. I already wrote that anonymous as well as real users are allowed to log in.

write_enable=yes
This option enables logged-in users to fully access the root filesystem as well as to create directories from the ftp prompt.

local_umask=022
What should the default permission of uploaded files be? The default setting 022 means
  666
- 022
------
  644
So this mask sets the permission rw-r--r-- on uploaded files.

You know that by default only real users can upload files to the FTP server; anonymous can download only. There are options to enable or disable upload for anonymous.

#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
If you want to enable file upload by anonymous, uncomment the anon_upload_enable=yes line. But remember that you need to create a directory owned by the ftp user and with write permission for the ftp user.

Can the anonymous user create directories or write from the ftp prompt or not? If you uncomment the line anon_mkdir_write_enable=yes, anonymous can create directories from the ftp prompt.

Do you want to display a message on a per-directory basis? When a user changes directory through FTP, a directory message can be displayed. This option is enabled by default.

dirmessage_enable=YES
To display a directory message, you need to create the file .message and write the message you want to display.

The FTP server maintains the log of uploaded and downloaded files in the /var/log/xferlog file. This option is also enabled by default.

xferlog_enable=YES

The FTP service uses ports 20 and 21, where 20 is for ftp data and 21 for user authentication.

connect_from_port_20=YES

#chown_uploads=YES
#chown_username=whoever
Whether or not to change the ownership of uploaded files having no ownership, for example files uploaded by anonymous.
Example:
chown_uploads=yes
chown_username=user1
Now the ownership of uploaded files will be user user1.
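The options above interact: the anonymous write settings only take effect when anonymous_enable and write_enable are both on. The following Python sketch is an added example, not part of the original guide; it resolves a vsftpd.conf against the built-in defaults documented in the vsftpd.conf man page, reports whether anonymous users can actually write, and computes the mode local uploads receive from local_umask. The sample configuration is constructed and the function names are assumptions.

```python
# Built-in defaults (vsftpd.conf man page) for the options covered in this guide.
DEFAULTS = {
    "anonymous_enable": "YES",
    "local_enable": "NO",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "xferlog_enable": "NO",
    "local_umask": "077",
}

# Constructed sample configuration, not taken from a real server.
SAMPLE_VSFTPD_CONF = """\
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
#anon_mkdir_write_enable=YES
#xferlog_enable=YES
"""


def load_vsftpd_conf(text):
    """Overlay option=value lines on the defaults (no spaces around '=')."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key] = value
    return settings


def enabled(settings, key):
    return settings.get(key, "NO").upper() in ("YES", "TRUE", "1")


def upload_mode(umask_text, base=0o666):
    """Permission bits of a new upload: base mode with the umask bits cleared."""
    return base & ~int(umask_text, 8)


def review(text):
    """Return findings about anonymous write access plus the local upload mode."""
    s = load_vsftpd_conf(text)
    anon_write_possible = enabled(s, "anonymous_enable") and enabled(s, "write_enable")
    notes, anon_writes = [], False
    for key in ("anon_upload_enable", "anon_mkdir_write_enable"):
        if not enabled(s, key):
            continue
        if anon_write_possible:
            anon_writes = True
            notes.append(f"{key}: anonymous users can write to the server")
        else:
            notes.append(f"{key}: no effect unless anonymous_enable and write_enable are on")
    if anon_writes and not enabled(s, "xferlog_enable"):
        notes.append("xferlog_enable is off: anonymous uploads are not logged")
    return {"notes": notes, "local_upload_mode": oct(upload_mode(s["local_umask"]))}
```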


Denying Certain users logging through FTP
The /etc/vsftpd.ftpusers file is used to deny real users access to the ftp service.
Enter the user names you want to deny, one per line.
User1
User2
User3
The /etc/vsftpd.user_list file is sometimes used to deny and sometimes to allow. If you use userlist_enable=yes in the vsftpd.conf file, this file is used to deny; if userlist_enable=no, then only the users written in /etc/vsftpd.user_list are allowed to access the ftp service.

After changing the configuration, restart the vsftpd service.
# service vsftpd restart
If you would like to start the vsftpd service automatically at the next reboot:
# chkconfig vsftpd on

FTP Client
There are different ways of accessing the ftp service. One way is using the ftp or lftp client tools.
# ftp server
or
# lftp -u username server
When you connect to the ftp server you will get the ftp prompt.

Some commands that run in the FTP prompt

Command   Description
put       Uploads a single file at a time
mput      Can upload multiple files using wildcards
get       Download a single file
mget      Download multiple files
mkdir     Creates a directory from the ftp prompt
ls        List directory contents
pwd       Displays the absolute working path
cd        Change directory
user      Allows entering username and password

If you enjoy working with a graphical user interface, there are lots of tools for ftp connections. In Redhat Enterprise Linux 5 there are applications such as gFTP and Kget.
In Gnome click on Applications > Internet > gFTP

NFS Server Configuration
NFS (Network File System) is the standard file sharing service in Linux and Unix. Through NFS, we can share data in a Linux environment. Redhat Enterprise Linux uses NFS on both the server and the client side.

NFS is very easy to configure: you just need to write in the /etc/exports file.
Syntax:
Directory Client(Permission)

Example:
/pub *.example.com(rw,sync)
/public 192.168.0.0/255.255.255.0(rw,sync) 192.168.1.0/255.255.255.0(ro,sync)

The client list can be specified using either IP address or host name. *.example.com represents all the members of the example.com domain. Similarly the client list can be written using IP address/subnet mask. In the above example the 0 network gets read and write mode and the 1 network gets read only mode.

Options in NFS:
ro : Shared permission read only
rw : Shared permission read and write
sync : Shared permission in sync mode
no_root_squash : Remote root user gets permission as local root user
all_squash : All remote users mapped as anonymous user

Once you've modified /etc/exports, you need to do more. First, this file is simply the default set of exported directories. You need to activate them with the exportfs -a command. exportfs -r refreshes the /etc/exports shares, and exportfs -v lists all directories shared from the local computer.
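Before activating the file with exportfs -a, it is worth reviewing which clients end up with which options. The following Python audit is an added example, not part of the original guide: it parses /etc/exports in the "Directory Client(Permission)" syntax above and flags no_root_squash, read-write exports to wildcard clients, and options separated from their client by a space, which then apply to every host. The sample file is constructed and the function names are assumptions.

```python
import re

# Constructed sample /etc/exports. The /scratch line has a space between the
# client and its options, so the options are not attached to that client.
SAMPLE_EXPORTS = """\
# constructed sample
/pub      *.example.com(rw,sync)
/public   192.168.0.0/255.255.255.0(rw,sync) \\
          192.168.1.0/255.255.255.0(ro,sync)
/backup   192.168.0.2(rw,sync,no_root_squash)
/scratch  192.168.0.0/255.255.255.0 (rw,sync)
"""

# host part, optionally followed by (comma,separated,options)
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^()]*)\))?$")


def parse_exports(text):
    """Return (directory, host, options) for every client entry."""
    joined = re.sub(r"\\\n", " ", text)          # backslash continues a line
    entries = []
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directory, *clients = line.split()
        for token in clients:
            match = CLIENT_RE.match(token)
            if not match:
                continue
            options = [o for o in (match.group("opts") or "").split(",") if o]
            entries.append((directory, match.group("host"), options))
    return entries


def audit_exports(text):
    """Return (directory, finding) pairs for risky client entries."""
    findings = []
    for directory, host, options in parse_exports(text):
        if host == "":
            findings.append((directory,
                             f"({','.join(options)}) is not attached to a client "
                             "and applies to every host"))
            continue
        if "no_root_squash" in options:
            findings.append((directory,
                             f"no_root_squash: root on {host} is root on the export"))
        if "rw" in options and ("*" in host or "?" in host):
            findings.append((directory,
                             f"read-write export to wildcard client {host}"))
    return findings
```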
Using the GUI tool, you can configure the NFS server with the system-config-nfs command.

Click on Add

Click on General Options

NFS is an RPC service, so you need to start portmap with nfs.

# service nfs start
# service portmap restart

Similarly you can check what data is shared from the remote host using the showmount command.

# showmount -e server

You can use the shared directory from the server using the mount command as well as using the Autofs feature.
Samba Server Configuration
Samba helps to share data between Linux and Windows systems. Microsoft developed the NetBIOS protocol over TCP/IP to resolve names; similarly, SMB works on top of the NetBIOS protocol.

SMB helps with
Sharing Data
Sharing Printers
Authentication and Authorization
Name Resolution with WINS server
Samba Server Installation
# rpm -ivh samba-*
# rpm -ivh samba-client-*
The samba package provides the server configuration interface and samba-client provides the samba client tool to connect to Microsoft shares.

Let's connect to a Microsoft share:
# smbclient -L //computer1 -U administrator%password

This command displays all shared data from the computer computer1, where computer1 is the Microsoft Windows NetBIOS name. SMB authenticates the user, so the user name is administrator and the password is password.

Suppose the test directory is shared from computer1 and you want to connect to the shared directory:
# smbclient //computer1/test -U administrator%password
After connecting you will get the smb prompt.
smb: \> ls
smb: \> get filename
smb: \> put filename
Another way of connecting to a Windows share is using the mount or smbmount command.
# mount -t smbfs //computer1/test /mnt/smb -o username=administrator,password=password
It will mount the shared test directory onto the /mnt/smb directory. It brings the external Windows shared directory into the Linux filesystem hierarchy. When mounting samba shared data, you need to specify the smbfs filesystem.

# umount /mnt/smb : unmounts the mounted filesystem

# smbmount //computer1/test /mnt/smb -o username=administrator%password
smbmount is the same as the mount command but is only used to mount samba shared data.
Samba Server Configuration
/etc/samba/smb.conf is the main configuration file for the samba server in Linux; the other files are also located in the /etc/samba directory. smb is the samba service.

When you install the samba rpm package, it is installed with the default configuration file /etc/samba/smb.conf.
It is better to go with a basic example.

1. Sharing Data
# vi /etc/samba/smb.conf
[global]
netbios name=linuxserver
workgroup=mygroup
server string=sharing from linux server
security=share

[data]
path=/data
browsable=yes
writable=yes
public=yes

I recommend you rename the default smb.conf file and create a new one.
Some tags are predefined, for example global, printers, homes etc.
The global section is used to define the global options for the other shares.
netbios name=linuxserver
I already mentioned that Microsoft Windows uses the NetBIOS protocol to resolve computer names; this directive defines which name should resolve and which name should display in Network Places. Your share will display with the name linuxserver.

Which group your samba share belongs to is defined using the workgroup directive. This share belongs to mygroup.

The server string directive is used to write the description of the share. And security defines the level of security of the samba share. The value of security can be:

security=server : Server security mode is left over from the time when Samba wasn't capable of acting as a domain member server. It is highly recommended not to use this feature.
security=user : User-level security is the simpler mode. In user-level security, the client sends a session setup request directly following protocol negotiation. This request provides a username and password. The server can either accept or reject the username and password combination.
security=share : In share-level security, the client authenticates itself separately for each share. It sends a password along with each tree connection request, but it does not explicitly send a username with this operation.

Now it's time to define the share name. [data] is the share name of the shared directory.

[data]
path=/data
browsable=yes
writable=yes
public=yes

path is the directory to share. browsable=yes means the shared directory appears in Network Places; if you would like to share it as a hidden share, use the no option.
writable=yes is the share-level permission: the directory is shared in read and write mode.
public=yes defines whether a Windows guest user can access the share or not.

Now you have to start the smb service.
# service smb start | restart

2. Sharing Data with User Authentication

# vi /etc/samba/smb.conf
[global]
netbios name=linuxserver
workgroup=mygroup
server string=sharing from linux server
security=user
smb passwd file=/etc/samba/smbpasswd
encrypt passwords=yes

[data]
path=/data
browsable=yes
writable=yes
public=yes

When you would like to share data with user-based authentication, meaning that the server should ask for a samba user and password before the data is accessed, you should use user as the security type.
smb passwd file defines where the user names and passwords of samba users are stored. Whether passwords are sent in encrypted format or not is defined by the encrypt passwords option.

Now you need to create the samba user.
# smbpasswd -a user1 : It will create user1 as a samba user and store the user name and password in the file defined by the smb passwd file directive.

Just restart the smb service.
# service smb start | restart
Go to the Windows system and access the share from Linux using the linuxserver NetBIOS name. When you try to access it, it asks for the user name and password of the Linux server.

Some other important options

i. hosts allow = 172.24. 192.168.0. : Defines which hosts can access the share.

ii. valid users = user1 user2 : Defines which users can access this share.

iii. read only : Whether the data is shared in read only mode or not.

iv. write list : Which users or groups can access in read and write mode even when the data is shared in read only mode.

Example:

# vi /etc/samba/smb.conf
[global]
netbios name=linuxserver
workgroup=mygroup
server string=sharing from linux server
security=user
smb passwd file=/etc/samba/smbpasswd
encrypt passwords=yes
hosts allow=172.24. 192.168.0.

[data]
path=/data
browsable=yes
writable=yes
public=yes
valid users=user1

[data1]
path=/data1
browsable=yes
writable=no
write list=user2 @training

[data2]
path=/data2
browsable=yes
writable=no
hosts allow=172.24.

# service smb restart
Log in to the Windows system and access the share from Network Places, or go to Run and type \\linuxserver
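The directives covered so far (security, public, writable, hosts allow) decide who can reach a share, so a quick audit of smb.conf is a useful complement to a syntax check. The following Python sketch is an added example, not part of the original guide; it flags the share and server security modes, shares that are both guest-accessible and writable, and shares with no hosts allow restriction at share or global level. The sample file is constructed, the function names are assumptions, and the parameter synonyms handled (guest ok for public; writeable, write ok and read only for writable) are Samba's documented ones.

```python
import configparser

# Constructed sample smb.conf, modelled on the examples in this guide.
SAMPLE_SMB_CONF = """\
[global]
netbios name = linuxserver
workgroup = mygroup
security = share

[data]
path = /data
browsable = yes
writable = yes
public = yes

[data1]
path = /data1
writable = no
write list = user2 @training
hosts allow = 172.24.

[homes]
public = no
writable = yes
"""

TRUE_WORDS = {"yes", "true", "1"}
FALSE_WORDS = {"no", "false", "0"}


def load_smb_conf(text):
    """Parse smb.conf text; parameter names come back lower-cased."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    # Strip indentation so indented parameters are not read as continuations.
    parser.read_string("\n".join(line.strip() for line in text.splitlines()))
    return parser


def is_true(section, *names):
    return any(section.get(n, "").strip().lower() in TRUE_WORDS for n in names)


def audit_smb_conf(text):
    """Return (section, finding) pairs for the access settings described above."""
    parser = load_smb_conf(text)
    global_name = next((s for s in parser.sections() if s.lower() == "global"), None)
    glob = parser[global_name] if global_name else {}
    findings = []

    mode = glob.get("security", "user").strip().lower()
    if mode == "share":
        findings.append(("global", "security = share: no user name is required"))
    elif mode == "server":
        findings.append(("global", "security = server: leftover mode, not recommended"))

    for name in parser.sections():
        if name == global_name:
            continue
        share = parser[name]
        writable = (is_true(share, "writable", "writeable", "write ok")
                    or share.get("read only", "yes").strip().lower() in FALSE_WORDS)
        guest = is_true(share, "public", "guest ok")
        if guest and writable:
            findings.append((name, "guest users can write to this share"))
        if "hosts allow" not in share and "hosts allow" not in glob:
            findings.append((name, "no hosts allow restriction at share or global level"))
    return findings
```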
Sharing Users Home Directory
SMB can be used for user authentication also; if you are using a samba domain, users' home directories should be accessible from the client machine.

Example

# vi /etc/samba/smb.conf
[global]
netbios name=linuxserver
workgroup=mygroup
server string=sharing from linux server
security=user
smb passwd file=/etc/samba/smbpasswd
encrypt passwords=yes

[homes]
public=no
browsable=yes
writable=yes

# useradd user1
# useradd user2
# useradd user3
# smbpasswd -a user1
# smbpasswd -a user2
# smbpasswd -a user3

# service smb restart | start

Sharing Printer through Samba
Samba also helps to share a printer connected to the Linux server.

# vi /etc/samba/smb.conf
[global]
netbios name=linuxserver
workgroup=mygroup
security=share
printing=cups
printcap name=/etc/printcap
load printers=yes

[printers]
path=/var/spool/samba
public=yes
browsable=yes
writable=no
printable=yes

printing defines the software used to print the document. The /etc/printcap file maintains the names of all printers installed on the local system.

printers is the predefined tag which represents all installed printers. /var/spool/samba is the spooling directory.

There is a tool named testparm, which checks the syntax of /etc/samba/smb.conf.

If you would like to configure the Samba server using the Redhat GUI tool:
# system-config-samba

Similarly you can configure the samba server through a browser, using Samba SWAT. Open a browser and type http://localhost:901

Samba SWAT configuration window

Sendmail Server

Sendmail is the default mail server in Redhat Enterprise Linux 5 and has lots of features.

It routes mail to different types of addresses
Supports virtual domains as well as virtual users
Can masquerade email addresses
Automatically retries failed email
By default allows connections only from localhost
Rejects mail from unresolvable domains
Anti-spam features added

Here is the overview of email transfer:

User's Mail Client Program -> Local Mail Transport Agent -> ISP's MTA -> Domain MTA -> User gets the message

When a user sends a message using a mail client program like KMail or Evolution Mail, the mail is sent to the Local Mail Transport Agent. The Local Mail Transport Agent uses multiple MTAs between the source MTA and the destination MTA. The ISP's MTA searches for the mail exchanger of the destination domain. Then the ISP's MTA and the destination MTA start the negotiation to establish the connection. After completing the negotiation the connection is established and, according to the administrator's policy, the mail is accepted or rejected by the destination MTA.

For Sendmail you need to install
i. sendmail
ii. sendmail-cf
iii. dovecot

In the RHCE exam you need to configure a basic mail server.

Some important files to remember
i. /etc/mail/sendmail.cf : It is the main sendmail configuration file, which is read by the sendmail service. This file is the m4 macro language output generated from the sendmail.mc file.
ii. /etc/mail/sendmail.mc : It is the file used to configure the main sendmail configuration file. It is in readable format. Whatever changes you make, you need to regenerate the sendmail.cf file.
iii. /etc/mail/access : It is the file used to allow or deny mail coming from a host, network, domain or mail address.
iv. /etc/mail/virtusertable : This file helps to map a virtual address to a real address.
v. /etc/mail/local-host-names : It contains the list of domains for which incoming mail is accepted.
vi. /etc/aliases : This file is used to alias email addresses.
vii. /etc/dovecot.conf : It is the dovecot configuration file, used to enable the imap, imaps, pop3 and pop3s protocols.



Lets go to configure the mail server

Suppose I'm going to configure the mail server for the example.com domain. I specified that the mail exchanger of the example.com domain is mail.example.com, with the associated IP 192.168.0.5. So I'm doing this on the mail.example.com host.
i. vi /etc/mail/local-host-names
example.com

ii. vi /etc/mail/sendmail.mc
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
iii. m4 /etc/mail/sendmail.mc >/etc/mail/sendmail.cf
iv. vi /etc/mail/access
192.168.0 ACCEPT
v. vi /etc/dovecot.conf
protocols = imap imaps pop3 pop3s
vi. service sendmail start
vii. service dovecot start

Here I'm configuring the mail server for the example.com domain, so I should specify the domain name for which incoming mail is accepted by this host.
I already wrote that by default the sendmail server accepts connections only from localhost. Now we need to allow smtp or pop connections from other hosts as well, so I comment out the line that restricts connections to localhost, using the dnl word. sendmail.mc is the main user configuration file, written in the m4 macro language, where dnl comments out the line.
After changing the configuration in the sendmail.mc file you need to create sendmail.cf using m4, because the sendmail server reads the sendmail.cf file.

The access file defines whether to accept or reject mail coming from:
192.168.0 ACCEPT
192.168.1 REJECT
@cracker.org REJECT
nobody@ REJECT
user1@yahoo.com ERROR:550 Invalid Email Address

Here you can define which incoming mail to accept or reject. In the above example mail coming from the 192.168.0 network is accepted, mail coming from the 192.168.1 network is rejected, mail from the cracker.org domain is rejected, and any mail having nobody in the email address is rejected. Using the ERROR:550 error code you can display a user-defined error message.

By default dovecot starts the imap protocol; if you want to start the pop protocol you should write it in the dovecot configuration file /etc/dovecot.conf.

# vi /etc/dovecot.conf
protocols = imap imaps pop3 pop3s
# service dovecot start | restart
Let's map virtual addresses to real addresses. The /etc/mail/virtusertable file is used to map a virtual address to a real address.
@abc.com user1
info@xyz.com user2
admin@testking.com user3

In the above example, mail coming for any user of the abc.com domain will be sent to user user1, mail coming to info@xyz.com will be sent to user2, and mail coming to admin@testking.com to user3.

Aliasing Real Address to Real Address
Suppose you are working as an administrator at abc.com and there are two employees with the user names user1 and user2. When user user1 is absent, user2 will handle all of user1's responsibilities, so you should forward all mail coming to user1 to user2.
For this there is the file /etc/aliases; with this file we can alias the user.

user1: user2 : All mail coming to user user1 will be sent to user user2. But remember that after changing the aliases file you need to generate the database file aliases.db using the newaliases command.

After configuring the mail server, you can directly send or check mail by logging in to the mail server on ports 25 and 110. Port 25 is used by SMTP (Simple Mail Transfer Protocol) and 110 is used by POP3 (Post Office Protocol).

Example of logging in to the mail server on the SMTP port.

# telnet mail.example.com 25
helo mail.example.com
mail from: user1@example.com
rcpt to: user2@example.com
data
Hello user2
.
quit

The SMTP protocol is used to send messages, so I have shown you the example of sending mail through the SMTP port. Let's check the mail via the pop port.

# telnet mail.example.com 110
user user1
pass mypassword
stat
top 1 123 (Give the value of stat output)
quit
Let's go through more sendmail.mc options
This is the main configuration file for the sendmail server program. Here dnl marks a comment, and quoted arguments inside the parentheses start with a back quote and end with a single quote.

The following include command adds the cf.m4 command as a macro processing prototype; by default, it requires installation of the sendmail-cf-* RPM.

So every time you make changes to the sendmail.mc file you need to generate the sendmail.cf file using the m4 command.

include(`/usr/share/sendmail-cf/m4/cf.m4')dnl

Local version associated with the installed sendmail server:

VERSIONID(`setup for Red Hat Linux')dnl

Defines the OS type.

OSTYPE(`linux')dnl

Write the name of the next mail server to which all outgoing mail is forwarded. Generally this is the mail server of your ISP.

dnl define(`SMART_HOST',`smtp.your.provider')

RH302



Leading the way in IT testing and certification tools, www.testking.com

- 178 -
Def i ned t he dat abase name cont ai ni ng t he l i st of bl ack
l i st i ng.


FEATURE( `access_db' , `hash - T<TMPF> -
o/ et c/ mai l / access. db' ) dnl
FEATURE( `bl ackl i st _r eci pi ent s' ) dnl

I f t he r oot user t r i es t o l og i n, t he EXPOSED_USER
command r equi r es t he f ul l e- mai l addr ess.
EXPOSED_USER( `r oot ' ) dnl
The LOCAL_DOMAI N command speci f i es an al i as f or t he l ocal
comput er ; l ocal host . l ocal domai n i s a def aul t al i as i n
/ et c/ host s.
LOCAL_DOMAI N( `l ocal host . l ocal domai n' ) dnl


MASQUERADE_AS changes t he domai n t o al l out goi ng mai l s.
MASQUERADE_AS( `t est ki ng. com' ) dnl
dnl # masquer ade not j ust t he header s, but t he envel ope
as wel l
dnl #
dnl FEATURE( masquer ade_envel ope) dnl
dnl #
dnl # masquer ade not j ust @mydomai nal i as. com, but
@*. mydomai nal i as. comas wel l
dnl #
dnl FEATURE( masquer ade_ent i r e_domai n) dnl
dnl #
RH302



Leading the way in IT testing and certification tools, www.testking.com

- 179 -
usi ng MASQUERADE_DOMAI N you can masquer ade t o mul t i pl e
domai ns wi t h same.

dnl MASQUERADE_DOMAI N( l ocal host ) dnl
dnl MASQUERADE_DOMAI N( l ocal host . l ocal domai n) dnl
dnl MASQUERADE_DOMAI N( abc. com) dnl
dnl MASQUERADE_DOMAI N( exampl e. com) dnl

Apache overview
The Apache web server is the most widely used HTTP daemon based web server. It provides secure as well as non-secure content transfer between client and server using the http or https protocols. Apache loads many modules dynamically to interpret CGI, Perl, PHP and other scripts for the browser.

LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so

/etc/httpd is the root directory of the httpd service, and /etc/httpd/conf/httpd.conf is the main configuration file for the http service.

By default the httpd service runs under the ownership of the apache user and apache group on port 80.

User apache
Group apache
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 80

Installing http service
# rpm -ivh httpd-*
Or
#system-config-packages --tree=/var/ftp/pub

/var/www/html is the default directory. If you would like to change the default, change
<Directory "/var/www/html">
in the /etc/httpd/conf/httpd.conf file.

By default DirectoryIndex is index.html or index.html.var

DirectoryIndex index.html index.html.var

Similarly AccessFileName is .htaccess

AccessFileName .htaccess

Starting httpd service

#service httpd start
#chkconfig --level 35 httpd on

1. Setting Default Page for http service
When you test the http service through a browser by typing http://localhost, it will display a message page.

To change the default page
#cd /var/www/html
#cat >index.html
<html>
<head>
<title>:::test page for localhost:::</title>
</head>
<body>Test page</body>
</html>

Now open the browser and type http://localhost; you will get your index.html page.

We can configure the Apache web server for web sites either with one site per IP address or by sharing the IP address, which means multiple web sites on a single IP address.

2. Apache configuration for IP based web site
Before starting this, first fully configure DNS.

# vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.3>
ServerName www.example.com
DocumentRoot /var/www/example
ServerAdmin admin@example.com
DirectoryIndex index.html index.php
</VirtualHost>
#service httpd restart | start
#links http://www.example.com

VirtualHost maps the virtual directory to the real path. ServerName defines the service name for the virtual host. The DocumentRoot directive defines the path of the documents for the web site. ServerAdmin is the email address to mail when an error occurs on the server. The DirectoryIndex directive defines the default page for the web site.

You can access the web site using either a GUI browser or a console browser.
Links is the console based browser.

3. Example of Configuring Apache web server for Name based web site

Use this if you want to host multiple web sites on a single IP address. For example, www.example.com as well as www.abc.com are associated with 192.168.0.3.

#vi /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.0.3
<VirtualHost www.example.com>
ServerName www.example.com
ServerAdmin admin@example.com
DocumentRoot /var/www/example
DirectoryIndex index.html index.htm index.php
</VirtualHost>

<VirtualHost www.abc.com>
ServerName www.abc.com
ServerAdmin admin@abc.com
DocumentRoot /var/www/abc
DirectoryIndex index.html index.htm index.php
</VirtualHost>

#service httpd restart
#links www.example.com
#links www.abc.com

4. Virtual Hosting with User based Authentication

The Apache server supports virtual host configuration with user based authentication.

I'm going to show you an example in which www.example.com should be accessible only to the http users created on the web server.

# vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.3>
ServerName www.example.com
DocumentRoot /var/www/example
<Directory /var/www/example>
AllowOverride AuthConfig
</Directory>
ServerAdmin admin@example.com
DirectoryIndex index.html index.htm index.php
</VirtualHost>

You should use the Directory directive to define the path of the directory.

Now create the access file in the directory defined in the Directory directive of the VirtualHost.

#cd /var/www/example
#vi .htaccess
AuthName "Only to Authorized Users"
AuthType basic
AuthUserFile /etc/httpd/conf/mypasswd
Require valid-user

# htpasswd -c /etc/httpd/conf/mypasswd user1
# htpasswd -m /etc/httpd/conf/mypasswd user2
#chgrp apache /etc/httpd/conf/mypasswd
#chmod g+r /etc/httpd/conf/mypasswd
#service httpd restart

For user based authentication you need to create the .htaccess file, defining the authentication dialog message, the authentication type, the file that stores the http user names and passwords, and the requirement to authenticate.

The htpasswd command creates the http user and asks for the password. The -c option creates the password file, so it is used only for the first user; -m stores the password as an MD5 hash. I already told you that the httpd server runs under the ownership of the apache user and group, so you need to change the group ownership of the file and give the group read-only permission.

When you access the www.example.com website, it asks for the user name and password.

5. Virtual Hosting with Host based Authentication
I have shown you the example of user based authentication; now we are going to configure which host or network can access the web site and which is denied.

# vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.3>
ServerName www.example.com
DocumentRoot /var/www/example
ServerAdmin admin@example.com
<Directory /var/www/example>
Order allow,deny
Allow from .example.com
</Directory>
DirectoryIndex index.html index.htm index.php
</VirtualHost>

#service httpd restart

To allow or deny hosts you can use Order allow,deny or Order deny,allow.

Order allow,deny : Explicitly allows the clients specified in Allow from and denies everyone else.
Order deny,allow : Explicitly denies the clients specified in Deny from and allows everyone else.

The above example allows all members of the example.com domain and denies everyone else.
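
The following Python model is an added example, not part of the original guide or Apache's own code: it shows how the Order, Allow from and Deny from directives combine, including the case where a client matches both lists. The function name access_allowed and the sample clients are assumptions, and partial IP prefixes such as 10.1 are not handled.

```python
import ipaddress


def _in_domain(domain, host):
    """Suffix match on a label boundary, so 'example.com' never
    matches 'notexample.com'."""
    domain, host = domain.lower(), host.lower()
    if not host.endswith(domain):
        return False
    if len(host) == len(domain):
        return True
    return domain.startswith(".") or host[-len(domain) - 1] == "."


def _matches(spec, client_ip, client_host):
    """Match one 'Allow from' / 'Deny from' argument against a client."""
    if spec.lower() == "all":
        return True
    try:
        network = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        # Not an address or network, so treat it as a (partial) domain name.
        return client_host is not None and _in_domain(spec, client_host)
    return ipaddress.ip_address(client_ip) in network


def access_allowed(order, allow, deny, client_ip, client_host=None):
    """Return True if the request is let through.

    order       -- the single argument of Order: 'allow,deny' or 'deny,allow'
    allow, deny -- lists of 'Allow from' and 'Deny from' arguments
    client_host -- reverse-resolved client name, or None if it is unknown
    """
    allowed = any(_matches(s, client_ip, client_host) for s in allow)
    denied = any(_matches(s, client_ip, client_host) for s in deny)
    order = order.lower()
    if order == "allow,deny":
        # Default is deny; a Deny match overrides an Allow match.
        return allowed and not denied
    if order == "deny,allow":
        # Default is allow; an Allow match overrides a Deny match.
        return allowed or not denied
    # Order takes exactly one argument, so 'allow, deny' (with a space)
    # is a configuration error rather than a valid ordering.
    raise ValueError("invalid Order argument: %r" % order)


if __name__ == "__main__":
    # The guide's configuration: Order allow,deny / Allow from .example.com
    # Client names and addresses below are constructed sample values.
    for ip, host in [("192.168.0.10", "pc1.example.com"),
                     ("203.0.113.9", "host.notexample.org"),
                     ("203.0.113.9", None)]:
        print(host, access_allowed("allow,deny", [".example.com"], [], ip, host))
```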

6. Configuring Apache Web server to execute CGI Scripts

You should create your own ScriptAlias directory for CGI scripts and place all CGI scripts in the aliased directory.

# vi /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.0.3>
ServerName www.example.com
DocumentRoot /var/www/example
ServerAdmin admin@example.com
DirectoryIndex index.html index.htm index.php
ScriptAlias /cgi-bin/ /var/www/example/cgi-bin/
</VirtualHost>

# mkdir /var/www/example/cgi-bin
#cd /var/www/example/cgi-bin
#vi test.sh
#!/bin/bash
echo "Content-Type: text/html"
echo ""
echo "Hello RHCE Guys"
#chmod a+x test.sh
#service httpd restart

Now your CGI script is ready to execute
#links www.example.com/cgi-bin/test.sh


7. Configuring Secure HTTP
The Apache web server provides secure http by loading the mod_ssl.so module. By default, communication using the http protocol is in plain text, so the solution is to make the communication encrypted by configuring https on the Apache web server. The https protocol uses TCP port 443.

Encryption is based on either the RSA or the DSA algorithm. Private keys, self-signed certificates or certificate signing requests can be generated using the openssl utility.

/etc/httpd/conf/ssl.key/server.key is the private key file and /etc/httpd/conf/ssl.crt/server.crt is the self-signed certificate.

/etc/httpd/conf.d/ssl.conf is the main SSL configuration file.

# vi /etc/httpd/conf.d/ssl.conf
<VirtualHost 192.168.0.3>
ServerName www.example.com
DocumentRoot /var/www/example
DirectoryIndex index.html
ServerAdmin admin@example.com
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</VirtualHost>

Now you need to create the certificate file and key file. In Redhat Enterprise Linux a pre-configured Makefile is already stored in the /etc/httpd/conf or /usr/share/ssl/certs directory. You just need to use the make command.

#cd /etc/httpd/conf
#make testcert
#service httpd restart

Open the browser and type https://www.example.com; you will now get the signed certificate.

There is a GUI version of Redhat's http configuration tool:

#system-config-httpd

Squid Server
Squid is the Internet caching proxy server for FTP, HTTP and other client requests. Squid supports FTP and HTTP as well as SSL and other protocols.

Installing Squid
/etc/squid/squid.conf is the main squid configuration file, provided by the squid rpm package.

#rpm -ivh squid-*
or
#system-config-packages --tree=/var/ftp/pub

In Redhat Enterprise Linux you need to know the basic configuration to run the squid proxy server.
1. Port: by default squid runs on port 3128; you can change that port using the http_port directive.
http_port 8080 : It runs squid on port 8080
2. ACL: You need to create an Access Control List to allow or deny Internet access.

acl mynet src 192.168.0.0/255.255.255.0
acl denynet src 192.168.1.0/255.255.255.0
acl blocksite dstdomain .yahoo.com

These ACLs define a certain network or domain name. The src acl type defines the source address; dstdomain defines the destination domain.

After creating the ACLs, you need to either allow or deny them.

http_access deny blocksite
http_access allow mynet
http_access deny denynet

#service squid start | restart
#chkconfig squid on

Proxy Configuration in Client

After configuring the squid proxy server you need to set the proxy information in the client browser.
Open the Firefox browser
Click on Edit, then Preferences
Click on General
Click Connection Settings
Select Manual Proxy Configuration
o Type the proxy address and the port number it is running on.

NIS (Network Information Services)

NIS is the traditional directory service for centralized authentication, developed by Sun Microsystems. It is still used as a standard authentication method in Linux.

In a network environment one server can be the master NIS server and more than one can be slave NIS servers. The master NIS server holds all the original configuration and information, while the slaves act as backups of the master.

You need to install the ypserv, ypbind and yp-tools rpm packages for an NIS server.
Another way is to install using Redhat's GUI package management tool, system-config-packages.
#system-config-packages --tree=/var/ftp/pub

Click on the Network Servers group and select ypserv.

Here I'm going to configure nis1.example.com as the master NIS server and nis2.example.com as a slave NIS server.

Configuring NIS Master Server

1. You need to set the domain name

#domainname example.com
#vi /etc/sysconfig/network
NISDOMAIN=example.com
The domainname command displays or sets the domain for the current session. If you would like to set it permanently, use the NISDOMAIN directive in the /etc/sysconfig/network file.

2. vi /var/yp/Makefile

Here I'm going to configure master as well as slave NIS servers. If you have only a master server you can set NOPUSH=true, but if you have a master as well as slave servers, you need to set NOPUSH=false.
NOPUSH=false

Now set the maps to share with clients.
all: passwd group hosts # rpc services ..
I placed the comment after hosts because I would like to map only passwd, group and hosts information.

Now you need to publish the map information into the directory. The Makefile is preconfigured; after making these simple changes, you publish to the directory using the make command.

3. cd /var/yp
# make
After successfully running the make command, check in /var/yp/; there you will find a directory with the same name as the domain.

4. Start the ypserv and yppasswdd services
# service ypserv start
#service yppasswdd start
# service portmap restart

NIS is also an RPC service, so it requires the portmap service.

5. Now define all NIS servers on the master server
# /usr/lib/yp/ypinit -m

It will ask for the NIS servers
Next host to add: nis1.example.com
Next host to add: nis2.example.com
Just type all your slave NIS server names and press Ctrl-D

6. Start the services

# service ypserv restart
# service yppasswdd restart
#service portmap restart

Now your NIS master server is ready. Let's go on to configure the NIS slave on nis2.example.com.
1. You need to set the domain name
#domainname example.com
# vi /etc/sysconfig/network
NISDOMAIN=example.com

2. /usr/lib/yp/ypinit -s nis1.example.com

I already told you that a slave server is a backup of the master NIS server; when you run this command, it will copy all the information published in the directory from the master server.
3. Start the services
#service ypserv start
#service yppasswdd start
#service portmap restart

Sharing Users' Home Directory
NIS only authenticates users, but when a user logs in to a client machine, the user requires a home directory. So first you need to share the users' home directories from the server.

#vi /etc/exports
/rhome *.example.com(rw,sync)

Here all remote users' home directories are created in /rhome, so I shared this directory.

#service nfs start
#service portmap restart

NIS Client
On the client machine:
a. Type the authconfig or system-config-authentication command

f. Select Use NIS then click on Next
g. Type Domain: example.com
h. Server: 192.168.0.254

i. Click on OK
This means users are authenticated from the NIS server 192.168.0.254. When a user logs in on your client machine, the home directory should be present on the logged-on system.
I have already written about the automount feature. We can mount the users' home directories on the client machine to make them present.
a. mkdir /rhome
b. vi /etc/auto.master
/rhome /etc/auto.home --timeout=60
This line specifies the mount point, whose map is read from /etc/auto.home, and unmounts a home directory if the user doesn't use it within 60 seconds.
c. vi /etc/auto.home
* -rw,soft,intr 192.168.0.254:/rhome/&
This line specifies mounting all the contents of the /rhome directory from the server.
f. service autofs restart : The autofs service controls the automount feature of the Linux system. After changing the configuration, you need to restart the autofs service.
g. Now log in as the server's users.

System Security

Pluggable Authentication Modules
Redhat Enterprise Linux uses PAM (Pluggable Authentication Modules) to authenticate users by loading modules from /lib/security.

Let me go through an example of authentication:
#touch /etc/nologin
When you create this blank file, users who try to log in locally on this machine are denied.
Similarly, if I comment out tty2 in the /etc/securetty file, root is denied when trying to log in on terminal 2.

What checks this? PAM does: PAM's modules check all these things, and you can modify the configuration as per your needs.
The pam_nologin.so module checks whether the /etc/nologin file has been created or not; the pam_securetty.so module checks which terminals are available for the root user to log in on.

/lib/security: This directory contains the list of PAM modules
/etc/pam.d/: This directory contains the list of PAM applications
/etc/security/: This directory contains the list of security configuration files, which are read by PAM modules.

When you read the file /etc/pam.d/login

Tests   Control Values   Modules and parameters
auth    required         pam_securetty.so
auth    required         pam_nologin.so
Etc.

PAM uses different types of methods to authenticate users.
Tests:

Auth: Authentication management, whether to prompt for a username and/or a password.
Account: Account management; it may deny access according to time, password expiration, or a specific list of restricted users.
Password: Password management; it may ask for a password to allow or deny the access.
Session: Checks whether the user's session is running or not.

Control Values
Required: If the module works, the command proceeds. If it fails, PAM goes on to the next command in the configuration file, but the result is already determined: it will fail.
Requisite: Same as Required, but it stops checking other modules when one returns a fail result.
Sufficient: If the module works, the login or other authentication proceeds.
Optional: The PAM result is ignored, whether it is pass or fail.

PAM configuration for Time based login
PAM has the capability to control when users may log in. Using PAM you can define the times at which a user is allowed to log in.
For this you need to configure the /etc/security/time.conf file; this file is checked by the pam_time.so module.
/etc/security/time.conf is the main configuration file for time based authentication using PAM.
This file has the syntax:
services;terminals;users;times
Generally, services represents the PAM services, terminals represents the names of terminals, users means the names of users and times is the allowed time to run the program.
Days can be written as Su, Mo, Tu, We, Th, Fr, Sa, Wk, Wd, Al
login;*;user1;Al0900-1730
This example allows user1 to log in between 9 am and 17:30.
login;*;user2;SuMo1200-1400
This example allows user2 to log in between 12:00 and 14:00.
The time.conf file is read by pam_time.so, but you need to call the module in either the login or the system-auth PAM file.
#vi /etc/pam.d/login
account required /lib/security/pam_time.so
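
The following Python model is an added example, not part of the original guide and not pam_time's own code: it evaluates time.conf rules the way the module is documented to, so you can check what a rule set permits before relying on it. The names login_permitted and TIME_CONF are assumptions; only '*', trailing-'*' names and '|' lists are supported in the first three fields, and the '&' operator is not modelled.

```python
import re
from datetime import datetime

# One bit per weekday, Monday = bit 0, matching datetime.weekday().
DAY_BITS = {"Mo": 1, "Tu": 2, "We": 4, "Th": 8, "Fr": 16, "Sa": 32, "Su": 64,
            "Wk": 31, "Wd": 96, "Al": 127}

# The two rules from the guide.
TIME_CONF = """\
login;*;user1;Al0900-1730
login;*;user2;SuMo1200-1400
"""


def _field_matches(pattern, value):
    """'*', an exact name, a name with a trailing '*', or a '|' list."""
    for alt in pattern.split("|"):
        alt = alt.strip()
        if alt == value or (alt.endswith("*") and value.startswith(alt[:-1])):
            return True
    return False


def _time_matches(spec, when):
    """Evaluate one entry such as 'SuMo1200-1400' or '!Al0000-0600'."""
    spec = spec.strip()
    negate = spec.startswith("!")
    m = re.fullmatch(r"((?:[A-Z][a-z])+)(\d{4})-(\d{4})", spec.lstrip("!"))
    if not m:
        raise ValueError("bad time entry: %r" % spec)
    mask = 0
    for i in range(0, len(m.group(1)), 2):
        mask ^= DAY_BITS[m.group(1)[i:i + 2]]   # a repeated day toggles off
    start, end = int(m.group(2)), int(m.group(3))
    now = when.hour * 100 + when.minute
    today = 1 << when.weekday()
    yesterday = 1 << ((when.weekday() - 1) % 7)
    if start < end:
        hit = bool(mask & today) and start <= now < end
    else:
        # The window runs past midnight into the following day.
        hit = bool(mask & today and now >= start) or \
              bool(mask & yesterday and now < end)
    return hit != negate


def login_permitted(conf_text, service, tty, user, when):
    """True unless a rule that matches service, tty and user excludes 'when'.

    A request that matches no rule is permitted, so time.conf restricts
    only the users and services it names.
    """
    permitted = True
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) != 4:
            raise ValueError("expected services;ttys;users;times: %r" % line)
        services, ttys, users, times = fields
        if (_field_matches(services, service) and _field_matches(ttys, tty)
                and _field_matches(users, user)):
            ok = any(_time_matches(t, when) for t in times.split("|"))
            permitted = permitted and ok
    return permitted


if __name__ == "__main__":
    # 2024-01-03 is a Wednesday; dates are constructed sample values.
    print(login_permitted(TIME_CONF, "login", "tty1", "user1",
                          datetime(2024, 1, 3, 18, 0)))
```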


PAM configuration for Origin based login
Another way of controlling users is allowing or denying login from certain hosts. PAM can do this.

/etc/security/access.conf is the main configuration file for origin based authentication. It has the following syntax:

permission:users:origins

In the permission field either + or - can be used, where + allows access and - denies access. The second field contains the list of users to allow or deny, and origins represents the terminal or host. Here you can use the ALL and EXCEPT operators.

-:ALL EXCEPT root:LOCAL
This example denies local login to all users except the root user.

-:user1:ALL EXCEPT tty5
This example denies login on all terminals except tty5.

-:nisuser1:ALL EXCEPT station1.example.com

This example denies login from all hosts except station1.example.com

The access.conf file is read by the pam_access.so module, so you need to call this module.

#vi /etc/pam.d/login
account required /lib/security/pam_access.so

Limiting Number of Processes and Logins

PAM can also control the number of logins for a user or for group members, as well as the number of processes users can run.

# vi /etc/security/limits.conf
user1 hard nproc 5
@training - maxlogins 10
user2 - maxlogins 1

Here user user1 can run a maximum of 5 processes, members of the training group can have a maximum of 10 logins, and user user2 can log in once at a time.

This configuration file is read by the pam_limits.so module.

# vi /etc/pam.d/system-auth
session required /lib/security/pam_limits.so

Securing Services: Using TCP Wrappers
TCP wrappers can control services which are compiled with the libwrap.so library. Some services, such as http and samba, have their own mechanism to control hosts.

But some services, such as mail, ftp and sshd, don't have their own security mechanism to control hosts. These services can be controlled by TCP wrappers.

TCP Wrappers can control these services:
Sendmail
Sshd
Vsftpd
Stunnel
Gdm
Nfs
Portmap
Slapd
Dovecot
All xinetd based services

TCP wrappers mainly uses two files, /etc/hosts.allow and /etc/hosts.deny.

Client Validating process by TCP wrappers

When a client requests a certain service, TCP wrappers first checks /etc/hosts.allow for the client; if the client is listed, it is explicitly allowed to access the service. If it is not listed, the /etc/hosts.deny file is checked; if the client matches an entry in hosts.deny, access is denied, and if it does not match, access to the service is allowed.

Syntax: services:clients:options
Example:
/etc/hosts.deny

vsftpd: ALL EXCEPT .example.com
nfs,portmap : ALL EXCEPT .example.com, trusted.cracker.org
sshd:ALL
dovecot: ALL EXCEPT .example.com EXCEPT station10.example.com

You can use the ALL and EXCEPT operators to allow or deny the services. In the first example, vsftpd is allowed only from the example.com domain; in the second example, nfs and portmap are allowed from the example.com domain and the trusted.cracker.org host. The third example denies ssh login from any host.

If multiple interfaces are connected to your machine and you want to allow or deny on a per-interface basis:

sshd@192.168.0.1: ALL EXCEPT .example.com
sshd@192.168.1.1 : ALL

In this example, ssh login to 192.168.0.1 is allowed from the example.com domain, but ssh login to 192.168.1.1 is denied.
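
The following Python model is an added example, not part of the original guide and not the tcp_wrappers source: it implements the validation order described above (hosts.allow, then hosts.deny, then allow by default) together with nested EXCEPT and the daemon@address form, and runs it over the guide's rules. The function name access_granted, the HOSTS_ALLOW line and the client names are assumptions; the real library resolves the client name itself, whereas here it is passed in.

```python
import ipaddress
import re

# The guide's /etc/hosts.deny example, one rule per line.
HOSTS_DENY = """\
vsftpd: ALL EXCEPT .example.com
nfs,portmap: ALL EXCEPT .example.com, trusted.cracker.org
sshd: ALL
dovecot: ALL EXCEPT .example.com EXCEPT station10.example.com
"""
# Constructed /etc/hosts.allow entry, used to show that allow is read first.
HOSTS_ALLOW = "sshd: 192.168.0.\n"
# The guide's per-interface rules.
IFACE_DENY = """\
sshd@192.168.0.1: ALL EXCEPT .example.com
sshd@192.168.1.1: ALL
"""


def _tokens(text):
    return [t for t in re.split(r"[,\s]+", text.strip()) if t]


def _list_match(tokens, match):
    """'a EXCEPT b EXCEPT c' means: a, unless (b, unless c)."""
    for i, tok in enumerate(tokens):
        if tok.upper() == "EXCEPT":
            return False
        if match(tok):
            rest = tokens[i + 1:]
            upper = [t.upper() for t in rest]
            if "EXCEPT" not in upper:
                return True
            return not _list_match(rest[upper.index("EXCEPT") + 1:], match)
    return False


def _host_match(pattern, host, ip):
    host = (host or "").lower()
    if pattern.upper() == "ALL":
        return True
    if pattern.startswith("."):            # domain suffix: .example.com
        return host.endswith(pattern.lower())
    if pattern.endswith("."):              # address prefix: 192.168.0.
        return ip.startswith(pattern)
    if "/" in pattern:                     # net/mask
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern.lower() == host or pattern == ip


def _daemon_match(pattern, daemon, server_ip):
    name, _, bound = pattern.partition("@")    # daemon@server-address
    if bound and not (server_ip and _host_match(bound, None, server_ip)):
        return False
    return name.upper() == "ALL" or name.lower() == daemon.lower()


def _table_match(text, daemon, host, ip, server_ip):
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 2)            # daemons : clients [: options]
        if len(fields) < 2:
            continue
        daemons, clients = _tokens(fields[0]), _tokens(fields[1])
        if (_list_match(daemons, lambda p: _daemon_match(p, daemon, server_ip))
                and _list_match(clients, lambda p: _host_match(p, host, ip))):
            return True
    return False


def access_granted(daemon, client_ip, client_host=None,
                   hosts_allow="", hosts_deny="", server_ip=None):
    """hosts.allow match: grant. Else hosts.deny match: refuse. Else grant."""
    if _table_match(hosts_allow, daemon, client_host, client_ip, server_ip):
        return True
    if _table_match(hosts_deny, daemon, client_host, client_ip, server_ip):
        return False
    return True


if __name__ == "__main__":
    # station10 is carved back out of the .example.com exception.
    for host in ("station5.example.com", "station10.example.com"):
        print(host, access_granted("dovecot", "192.168.0.10", host,
                                   hosts_deny=HOSTS_DENY))
```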

Similarly you can set multiple options while allowing or denying.

Example:
sshd: ALL : spawn echo "Someone trying to attack through ssh to %s from %c" | mail -s Danger admin

With this example, when anyone tries to log in to the server using ssh, it sends mail to the admin user with server (%s) information as well as client (%c) information.

Securing Xinetd Based services
TCP wrappers can control the xinetd based services located in the /etc/xinetd.d/ directory. To allow or deny transient services, you need to know the server program of the service.

Here is the output of /etc/xinetd.d/telnet file
service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
# server program name
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        instances       = 20
        per_source      = 1
}

Controlling telnet connection
#vi /etc/hosts.deny
in.telnetd: ALL EXCEPT .example.com

Similarly xinetd itself has its own mechanism to control the service.
/etc/xinetd.conf is the global configuration file; if you make any changes to this file, it affects all xinetd based services.

There are three directives to control an xinetd based service
only_from = 192.168.0.0/24
no_access = 192.168.0.100
access_times = 09:39-17:30

Controlling Telnet
Here is the output of /etc/xinetd.d/telnet file
service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
# server program name
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        instances       = 20
        per_source      = 1
        only_from       = 192.168.0.0/24
        no_access       = 192.168.0.100
        access_times    = 09:39-17:30
}

It allows telnet connections from the 192.168.0.0/24 network, except 192.168.0.100, between 9:30 am and 17:30.

Introduction to iptables

I pt abl es i s t he def aul t packet f i l t er i ng t ool i n Li nux,
whi ch f i l t er packet s based on Layer 2, Layer 3 and Layer 4
of t he OSI Model .

Ther e ar e t hr ee t abl e t ypes i n i pt abl es
Fi l t er
Nat
Mangl e
Fi l t er t abl e i s used t o f i l t er t he packet s on t he basi s of
r ul es and chai ns, nat i s used t o t r ansl at e t he Net wor k
Addr ess, mangl e i s t he combi ned f eat ur es of nat and f i l t er .

Si mi l ar l y f i l t er uses di f f er ent chai n: I NPUT, OUTPUT,
FORWARD, POSTROUTI NG and PREROUTI NG.
Chai n Tabl es suppor t
I NPUT Fi l t er , mangl e
OUTPUT Fi l t er , mangl e
FORWARD Fi l t er , mangl e
POSTROUTI NG Nat , mangl e
PREROUTI NG Nat , mangl e

INPUT: Thi s chai n i s used t o f i l t er t he packet s comi ng i nt o
t he l ocal syst em. I t checks bef or e ent er i ng i nt o t he
syst em.
OUTPUT: Thi s chai n checks t he out goi ng l ocal l y gener at ed
packet s.
FORWARD: Thi s chai n checks t he f or war di ng packet s f r om one
net wor k t o anot her net wor k.
RH302



Leading the way in IT testing and certification tools, www.testking.com

- 216 -
POSTROUTING : Thi s chai n t r ansl at e t he addr ess af t er
l eavi ng t he syst em.
PREROUTING : Thi s chai n Tr ansl at e t he addr ess bef or e
ent er i ng i nt o t he syst em.


#iptables L : Def aul t t abl e i s f i l t er so i t l i st s t he
chai n as wel l as r ul es conf i gur ed t o f i l t er .
#iptables F : I t f l ush al l r ul es.

#iptables t nat L : I t di spl ays al l Net wor k addr ess
t r ansl at i on r ul es.

Let s go t o appl y t he f i l t er r ul es, bef or e t hat you need t o
know t he opt i ons used t o f i l t er .

-p protocol name (Layer 4)
-i Incoming Interface
-o Outgoing Interface
-s Source Address
-d Destination Address
--sport Source Port
--dport Destination Port

Example:
#iptables -t filter -A INPUT -s 192.168.0.100 -p tcp --dport 8080 -j DROP

The action can be DROP, ACCEPT or LOG. In the above example, the connection to port 8080 is dropped.

#iptables -t filter -A INPUT -s ! 192.168.0.0/24 -p tcp --dport 20 -j DROP
It denies the ftp connection from outside the 192.168.0.0/24 network.
#iptables -t filter -A OUTPUT -d 192.168.1.1 -p tcp --dport 23 -j DROP
This drops the telnet connection to 192.168.1.1 from the local system.

#iptables -t filter -A FORWARD -s 192.168.0.10 -d 192.168.1.10 -p tcp --dport 25 -j DROP

Order of checking rules
iptables checks the rules from the top; when one rule matches, it is applied. When no rule matches, the chain policy is applied.

You can configure the chain policy using
#iptables -P INPUT DROP
It sets the policy of the INPUT chain to DROP.
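
The top-down, first-match evaluation described above can be modelled in a few lines. This is an added example, not part of the original guide: the Rule class, verdict() and pkt() are hypothetical names, and the ACCEPT rule for the LAN is constructed to show how rule order changes the result for the page's 192.168.0.100 DROP rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    target: str                    # ACCEPT or DROP; LOG is not modelled
    src: str = "0.0.0.0/0"         # -s
    negate_src: bool = False       # "-s ! network", as written on the page
    proto: Optional[str] = None    # -p
    dport: Optional[int] = None    # --dport

    def matches(self, pkt):
        in_net = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
        if in_net == self.negate_src:
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        return self.dport is None or pkt["dport"] == self.dport


def verdict(chain, policy, pkt):
    """Walk the chain from the top; the first match decides, else the policy."""
    for number, rule in enumerate(chain, start=1):
        if rule.matches(pkt):
            return rule.target, number
    return policy, None


def pkt(src, dport):
    """Constructed sample TCP packet."""
    return {"src": src, "proto": "tcp", "dport": dport}


# The page's DROP rule for 192.168.0.100, plus a constructed ACCEPT for the LAN.
drop_host = Rule("DROP", src="192.168.0.100", proto="tcp", dport=8080)
accept_lan = Rule("ACCEPT", src="192.168.0.0/24", proto="tcp", dport=8080)
# The page's "-s ! 192.168.0.0/24 ... --dport 20 -j DROP" rule.
drop_non_lan_ftp = Rule("DROP", src="192.168.0.0/24", negate_src=True,
                        proto="tcp", dport=20)

SHADOWED = [accept_lan, drop_host]   # broad ACCEPT first: the DROP is never reached
CORRECT = [drop_host, accept_lan]    # specific rule first
```

With a DROP policy, verdict(SHADOWED, "DROP", pkt("192.168.0.100", 8080)) returns ACCEPT from rule 1, while the same packet against CORRECT is dropped by rule 1; a packet that matches no rule gets the policy and a rule number of None.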

After applying your own rules and chain policy, you need to save them to a file so that they are applied automatically at the next reboot.
#service iptables save
It will save your rules and policy configuration into the /etc/sysconfig/iptables file.



#iptables -F : It flushes all rules.


NAT (Network Address Translation)
NAT allows translation from a private IP to a public one, so it makes it possible to access the public network and also hides the internal IP address.
Using NAT we can configure Source NAT (SNAT) as well as Destination NAT (DNAT).
SNAT: This allows the source address to be changed. Suppose my Linux server is connected to the ISP using a leased line, so I got the public IP 202.2.2.2, which is assigned to eth0, and another device, eth1, is connected to my local LAN with the IP 192.168.0.1. Now, to share the Internet, I should either configure a proxy server or share through SNAT. When packets come from the private LAN, SNAT changes the source address to 202.2.2.2 and makes it possible to access the internet.

#iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 202.2.2.2

Similarly, you can use MASQUERADE if you would like to translate the address into whatever address is assigned to the device.

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
If the IP on the eth0 interface changes dynamically, masquerading is a good choice.

DNAT
Destination NAT allows the destination address to be changed.















When a request for www.example.com comes in to my Internet server, I should redirect it to 192.168.0.1. Yes, this is DNAT: the client request arrives with destination 202.2.2.2, but I have to redirect it to another host.
#iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.1
#iptables -t nat -A PREROUTING -p tcp --dport 20 -j DNAT --to-destination 192.168.0.2
[Figure: Example.com domain. Labels: www 192.168.0.1; mail 192.168.0.2; ftp 192.168.0.3; ISP; Public IP: eth0 202.2.2.2; Private IP eth1: 202.2.2.2]
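
The SNAT and DNAT rules above rewrite packets at different points: DNAT in PREROUTING, before the FORWARD chain, and SNAT in POSTROUTING, after it. The following is an added toy model, not code from the original guide, showing which addresses a FORWARD rule actually sees and how replies are translated back. The Gateway class, route() and demo() are hypothetical names, the client and remote addresses are constructed, and ports are assumed to stay unchanged.

```python
import ipaddress

PUBLIC_IP = "202.2.2.2"                        # eth0 address used on the page
LAN = ipaddress.ip_network("192.168.0.0/24")   # source network of the SNAT rule
DNAT_PORTS = {80: "192.168.0.1"}               # the page's --dport 80 DNAT rule


class Gateway:
    """Toy model: the first packet hits the nat rules, replies use the stored mapping."""

    def __init__(self):
        self.conntrack = {}   # reply 4-tuple -> (restored source, restored destination)

    def route(self, src, sport, dst, dport):
        """Return (packet as the FORWARD chain sees it, packet as it leaves)."""
        key = (src, sport, dst, dport)
        if key in self.conntrack:
            # Reply: destination is restored in PREROUTING, source in POSTROUTING.
            new_src, new_dst = self.conntrack[key]
            return (src, sport, new_dst, dport), (new_src, sport, new_dst, dport)

        # PREROUTING: DNAT runs before the routing decision and the filter table.
        new_dst = DNAT_PORTS.get(dport, dst) if dst == PUBLIC_IP else dst
        seen_by_forward = (src, sport, new_dst, dport)

        # POSTROUTING: SNAT runs after filtering, just before the packet leaves.
        new_src = PUBLIC_IP if ipaddress.ip_address(src) in LAN else src
        leaving = (new_src, sport, new_dst, dport)

        # Remember how to undo both translations for the reply direction.
        self.conntrack[(new_dst, dport, new_src, sport)] = (dst, src)
        return seen_by_forward, leaving


def demo():
    gw = Gateway()
    # Constructed packets; 198.51.100.7 and 203.0.113.9 are documentation addresses.
    return {
        "lan_out": gw.route("192.168.0.50", 40000, "198.51.100.7", 443),
        "lan_reply": gw.route("198.51.100.7", 443, "202.2.2.2", 40000),
        "web_in": gw.route("203.0.113.9", 51000, "202.2.2.2", 80),
        "web_reply": gw.route("192.168.0.1", 80, "203.0.113.9", 51000),
    }
```

In the "web_in" case the FORWARD chain already sees destination 192.168.0.1, so filter rules protecting the web server must match the private address, not 202.2.2.2; in the "lan_out" case FORWARD still sees the original LAN source.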
*Good Luck
