RED HAT ENTERPRISE LINUX TRAINING

Trainer: Mr. Kao Sereyrath
Updated Year 2010
MSc.IT (SMU, India), BSc.IT (NU)
ICT Manager, Samic Microfinance
Part-Time Computer Lecturer, Norton University

HISTORY OF RED HAT ENTERPRISE LINUX
Starting in 2001, Red Hat, Inc. began offering Red Hat Enterprise Linux in addition to their original consumer operating system, Red Hat Linux. In 2003, Red Hat started the Fedora Project to release the Fedora Core operating system instead of Red Hat Linux.

The Fedora Project progresses at a rapid rate, releasing a new version of Fedora every four to six months. This allows new technologies to be tested by millions of users, which in turn decreases the amount of time it takes for these technologies to stabilize into production-ready software. Each release of Red Hat Enterprise Linux is based on a Fedora operating system release. The kernel and all of the other software in Red Hat Enterprise Linux are specifically configured and tested for enterprise-level usage.

Both Red Hat Enterprise Linux and Fedora are based on open source software developed by the open source community, some of whom are members of the Red Hat engineering team. The term open source means that the programming code is freely available to anyone and that anyone can submit code to an existing open source project as long as the code stays open source. New projects or programs can be created based on a different open source project or program. Open source developers live all over the world, and they collaborate on projects every day together.

INSTALLING RED HAT ENTERPRISE LINUX

In this book, we will guide you on how to install Red Hat Enterprise Linux 5 through:
1. VMware Workstation 6.0
2. Bootable Red Hat Enterprise 5 DVD

I. Install Red Hat Enterprise Linux with VMware Workstation 6
a. Suppose you have installed VMware 6 completely.
b. Click File menu > New > Virtual Machine, or press Ctrl+N.
c. Click the Next button and select Custom.
d. In the Hardware compatibility box, select Workstation 6.
e. Select as in the dialog below:

f. Name your virtual machine file and select the path of your virtual machine file.

g. In the Number of Processors dialog, select Two if your computer has 2 processors, such as a Dual Core or Core 2 Duo processor.
h. In the Memory dialog, type the amount of memory to allocate to this virtual machine. Look at the sample below:

i. In the Network connection dialog, select Use bridged networking.
j. In SCSI Adapters, select LSI Logic.
k. Then select Create a new virtual disk.
l. In the Virtual Disk type dialog, select SCSI.
m. In the Disk capacity dialog, type the size of the virtual hard disk you want to set, for example 20GB, select Allocate disk space now, and click Next and Finish.
n. In the Device panel, double-click on CD-ROM and see the sample below to select the location of your ISO file (this is used in case you prefer to set up Red Hat Enterprise Linux from an ISO file):

II. Install from Bootable Red Hat Enterprise Linux 5 DVD
1. You need to have a bootable DVD.
2. Make sure your BIOS setting is configured to boot off the CD-ROM device.
3. Press Enter to install in graphical mode, or type linux text and press Enter to install in text mode.

4. Press OK to test your DVD before installation, or press Skip.

5. In the Welcome Message dialog, click the Next button.
6. Select the English (English) language.

7. Select US International as your keyboard setting.

8. Click Skip entering Installation Number. If you skip this, you won't be able to get support or online updates from Red Hat Inc.

9. Click Yes to erase all data on the disk. You will see this message when your disk is unallocated.

10. Choose how the disk is partitioned:
    Select Remove all partitions on selected drives and create default layout if you want the setup to delete all partitions and create the standard partitions for Red Hat Enterprise Linux.
    Select Remove linux partitions on selected drives and create default layout to let the setup remove only the Linux partitions and create the standard partitions.
    Select Use free space on selected drives and create default layout to allow the setup to use the free/unallocated space to create the standard Linux partitions.
    Select Create custom layout to manage the partitions on your own.
    Tick Review and modify partitioning layout to edit the default partitions that are created by Linux.

11. In Linux, only 3 basic partitions are required during installation. Those are / (root partition), /boot and swap, where the size of the swap partition equals the size of memory x 2.
    LVM, or Logical Volume Manager, is a storage management solution that allows administrators to divide hard drive space into physical volumes (PV), which can then be combined into logical volume groups (VG), which are then divided into logical volumes (LV) on which the filesystem and mount point are created.

12. A boot loader must be installed to boot into the operating system. The GRUB boot loader is installed by default. Options such as enabling a boot loader password can be selected.

13. The dialog below allows you to define your server's name and configure the DNS and Gateway IP address.

14. Click the Edit button to specify a static IP address.

15. Select Asia/Phnom_Penh as your region.

16. Specify the root password.

17. Select the default software installation to install the typical software, or select Customize Now to install and choose more packages.

18. Select more software packages that you prefer to install.

19. Click Next to begin your installation.

UNDERSTANDING LINUX CONCEPT
FILESYSTEM HIERARCHY
The location of the files and directories in a Red Hat Enterprise Linux system are based on the Filesystem Hierarchy System (FHS) guidelines. The purpose of the FHS is to provide guidelines for file and directory locations for UNIX-based operating systems such as Linux.

Instead of an administrator searching the entire filesystem for a particular type of file, he can know that it will be in one of a few established locations. For example, most configuration files are in the /etc/ directory, and log files are in the /var/log/ directory.

Because the FHS defines the /var/log/ directory as the location for log files, it is easy for an administrator to find the log files she is looking for because they are all in one common directory.

Some common directories

Directory          FHS Purpose
/bin/              Essential commands for admins and users
/usr/bin/          Common commands for admins and users
/sbin/             Essential commands for admins
/usr/sbin/         Common commands for admins
/tmp/              Temporary files for all users
/usr/local/        Location for locally installed software independent of operating system updates
/usr/share/man/    Manual pages
/usr/src/          Source code
/var/              Variable data files such as spool files and log files
/var/log/          Log files, can include subdirectories
/etc/              Configuration files, can include subdirectories
/proc/             Kernel virtual filesystem
/dev/              Device files


SHELL BASICS
Even though Red Hat Enterprise Linux provides a graphical desktop and graphical applications for most administration tasks, it is wise to know the basics of the command line, also known as the shell prompt. For example, you will need to know how to use the shell prompt if you are accessing a system remotely without X forwarding, working with a system that does not have a graphical desktop installed, trying to diagnose a problem with the X Window System, or booting into rescue mode without a graphical desktop.

There are two ways to start a shell prompt. If the X Window System is not installed, the system defaults to a black screen with a login prompt. After you log in, you are at a shell prompt.

If you have a graphical desktop installed, log into the system at the graphical login screen, and then start a shell prompt by clicking on the Applications menu on the top panel and selecting Accessories, Terminal. A terminal window is shown below.

So, commands can be executed to navigate around the filesystem, read files, start applications, and perform administrative tasks. By default, the prompt looks like the following:
[root@redhatserver ~]#
The first word before the @ symbol is the username of the person currently logged in.
The word after the @ symbol is the hostname of the system.
The ~ symbol means that the current working directory is the home directory of the user. When you start a terminal, the default directory is your home directory.

Some basic commands you should know:

To change to a different directory, use the cd <directory> command. For example, cd ../httpd takes you up one directory and then down into the httpd directory.

To create a directory, use the mkdir <directory> command. The directory will be created in the current directory. If you want to create the project1 directory in /home/rath, you can type mkdir /home/rath/project1

To remove an empty directory, invoke the rmdir <directory> command.

To force the removal of a directory with all the files and subdirectories within that directory, use the rm -rf <directory> command.

To remove a file, use the rm <file> command.

Use the ls <directory> command to view the contents of <directory>. To list all the OpenOffice.org text documents, use the ls *.odt command, or ls status* to find all files whose filename begins with status. Multiple wildcards can be used, such as ls *status* to list all files that have status somewhere in their name.

To copy a file from one location to another, use cp <from> <to>. For example: cp status.txt dir1/.

The mv <from> <to> command is similar to the cp command. The only difference is that the original <from> file will no longer exist after the move operation.

Instead of typing the entire command, you can type the first few characters of it and press the Tab key. It will then show the possibilities message as below:
Display all 112 possibilities? (y or n)
Press the Y key to display all the results, or press the N key to go back to the prompt and type a few more characters of the desired command.

If you have forgotten a recently used command or forgotten which command-line arguments you used for a particular command, you can use the history command. If you want to filter on some part of the command, you can use: history | grep <part of the command>

Use the clear command to clear the screen and place the prompt at the top of the screen.

Use locate .odt to find all OpenOffice.org text files, or locate compare to find all filenames that contain the word compare. The only catch to this command is that it relies on the generation of a database file so it can quickly display results. The locate command is provided by the mlocate package, which also provides the cron script /etc/cron.daily/mlocate.cron to automatically generate this database daily.


The find command is a bit more complicated to use and takes longer to produce results because it does not rely on a database to produce results. Because it takes longer, it is possible to specify a specific directory to look in. The basic syntax is as follows: find <directory> -name <filename>. To search in the current directory and below, replace <directory> with a dot (.) character, such as find . -name guidelines.txt

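If you know a command exists on the system but keep getting the error message command not found, check to make sure you are typing the command correctly. Otherwise, it might not be in your PATH environment variable. To view the value of your PATH, execute the command echo $PATH from the command line. As you can see, your PATH is a list of directories. When you execute a command without providing its full path, it must be in one of the directories listed in your PATH.

You can provide the full path to the command if you know it, such as /sbin/lspci to execute the command to list the PCI devices.

To add the /usr/sbin/ and /sbin/ directories to your PATH, add the following line:
export PATH=$PATH:/usr/sbin:/sbin
Do not leave an empty entry in PATH, such as a leading colon before $PATH. The shell treats an empty entry as the current directory, so a program with the same name as a command could be run from whatever directory you happen to be in.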

To verify which command you are executing, type the command which <command>. If a match to the command is found in the directories from your PATH, the full path to the command is displayed.
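The PATH rules above can be checked mechanically. The following is an added example, not part of the original training material: audit_path reports empty, relative and world-writable entries in a PATH string, and path_append adds a directory without creating an empty entry. Both function names and the sample PATH values are this example's own.

```sh
# Added example: audit a PATH string and extend it safely.

# audit_path PATH_STRING
# Prints one finding per risky entry; returns 0 when clean, 1 otherwise.
audit_path() {
    ap_rest="$1:"          # trailing ':' so the last entry is visited too
    ap_status=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}
        ap_rest=${ap_rest#*:}
        case $ap_entry in
            "")
                # A leading, trailing or doubled ':' is an empty entry,
                # which the shell searches as the current directory.
                echo "EMPTY-ENTRY"
                ap_status=1 ;;
            /*)
                # Absolute entry: flag it when "others" have write permission
                # (9th character of the ls mode string, symlinks followed).
                case $(ls -ldL "$ap_entry" 2>/dev/null) in
                    d???????w*)
                        echo "WORLD-WRITABLE $ap_entry"
                        ap_status=1 ;;
                esac ;;
            *)
                # A relative entry resolves against the directory you are in.
                echo "RELATIVE $ap_entry"
                ap_status=1 ;;
        esac
    done
    return $ap_status
}

# path_append CURRENT DIR
# Echoes CURRENT with DIR appended, never producing an empty entry
# and never adding a duplicate.
path_append() {
    case ":$1:" in
        *":$2:"*) echo "$1" ;;       # DIR is already listed
        "::")     echo "$2" ;;       # CURRENT was empty
        *)        echo "$1:$2" ;;
    esac
}

# Constructed PATH value with a leading ':' to show the finding.
audit_path ":/usr/local/bin:/usr/bin:/bin" || true

# Build the PATH from this section without any empty entry.
NEW_PATH=$(path_append "/usr/bin:/bin" /usr/sbin)
NEW_PATH=$(path_append "$NEW_PATH" /sbin)
echo "$NEW_PATH"
```
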

You can read a text file such as a configuration file without having to open a text editor. This is possible with the less, more, and cat command-line utilities.

You can type less output.txt, more /var/log/messages, or cat /etc/sysconfig/network.
With the less command, the Page Up and Page Down keys can be used to scroll up and down the contents of the file. The more command only allows you to scroll down the file, using the spacebar to advance. The cat command outputs the contents of the file to the command line and then exits, so if the file is longer than the number of lines in your terminal, you will only see the last part of the file.
For example, to view only the kernel messages in the system log file, use the following command:
cat /var/log/messages | grep kernel


Instead, you can temporarily start a terminal session as root. From a shell prompt, execute the following command to temporarily become the root user:
su
When you no longer need to be root, type the exit command and then press Enter to return to your user shell.

To read the manual page for a command, execute man <command> from a shell prompt.

To open a file in Vi, type vi <file> at the shell prompt. If the file does not exist, it will be created with the filename you provided the first time you save it. To use it, you must have the vim-minimal RPM package installed.

To start making changes to the file or to start typing content into a new file, change to insert mode by pressing the i key. You will notice that the status at the bottom of the screen changes to -- INSERT --. Next, start typing.

When you are finished typing the contents of the file, press the Esc key to exit insert mode. To save a file, exit insert mode, type :w (the w is for write), and press Enter.

Common Vi Commands

FILE PERMISSION
Every file on your system has an accompanying set of permissions based on ownership.
You can examine the default permissions for a file you create by:
$ touch file
$ ls -l file
-rw-r--r-- 1 root root 0 2009-04-01 23:46 file

The first character of the field is the type of file created: a dash is for a plain file, d is for a directory, c is for a character device (such as a serial communications device, e.g. /dev/ttyS0), and b is for a block device (a device that transfers and caches data in blocks, e.g. /dev/hda).
Permissions: Read, Write, and eXecute permission for the owner, group, and other users on the system.
Number of links to the file: The number one (1) designates that there is only one file, whereas any other number indicates that there might be one or more linked files. Links are created with the ln command.
The owner: The account that created or owns the file; you can change this designation by using the chown command.
The group: The group of users allowed to access the file; you can change this designation by using the chgrp command.
File size and creation/modification date: The last two elements indicate the size of the file in bytes and the date the file was created or last modified.

Assigning Permissions
Under Linux, permissions are grouped by owner, group, and others, with read, write, and execute permission assigned to each, like so:
r = open and read file = 4
w = open and write file = 2
x = execute the file or read directory = 1

Owner      Group      Others
rwx        rwx        rwx
4+2+1=7    4+2+1=7    4+2+1=7


Using the chmod command to modify permissions
$ chmod a-w readme.txt
$ ls -l readme.txt
-r--r--r-- 1 andrew andrew 12 Jan 2 16:48 readme.txt

Some options you can use with the chmod command:
u    Adds or removes user (owner) permission
g    Adds or removes group permission
o    Adds or removes permission for others not in a file's group
a    Adds or removes permission for all users
r    Adds or removes read permission
w    Adds or removes write permission
x    Adds or removes execution permission

Ex:
$ chmod u+rw readme.txt
$ ls -l readme.txt
-rw------- 1 andrew andrew 0 2007-10-23 19:08 readme.txt
Or
$ chmod 600 readme.txt

INITIALIZATION SCRIPT
Network services such as the Apache HTTP Server and DHCP, along with other programs such as cron and syslog, require a daemon to be running at all times. The daemon performs actions such as listening for connections to a service on specific ports, making sure commands are executed at specific times, and capturing data such as log messages when they are sent out by other programs. Programs that require a daemon to be started have an initialization script in the /etc/rc.d/init.d/ directory.

At boot time, the init program first executes the /etc/rc.d/rc.sysinit script to perform actions such as loading kernel modules for hardware support, loading the default keymap, and setting the hostname. The /etc/inittab script is run next, which then tells init which runlevel to start. The runlevel defines which services to start at boot time, or which initialization scripts to execute.

Lastly, the /etc/rc.d/rc.local script is executed. Commands can be added to this file for custom initialization.

The initialization scripts can also be used to start, stop, and restart services after the system has booted. These actions are performed with the service command as the root user.
To perform an action, use the following syntax:
service <service> <action>
For example, the following starts the OpenSSH service:
service sshd start

RUNLEVELS
How does the system know which initialization scripts to run so that only the desired services are started at boot time? Linux uses the concept of runlevels to define which services to start at boot time.
There are 7 runlevels, each having its own general purpose:
0    Halt the system
1    Single-user mode or rescue mode
2    Not used
3    Multiuser mode with text login
4    Not used
5    Multiuser mode with graphical login
6    Reboot

Each runlevel has its own directory named rcX.d in /etc/rc.d/, where X is the runlevel number. Each of these directories contains symbolic links to the actual initialization scripts in /etc/rc.d/init.d/. Each symbolic link starts with the letter S or K followed by a number. The S stands for start, and the K stands for kill, which means to stop a process. When a runlevel is initialized, all the services starting with K are stopped first, and then all the services starting with S are started.


Changing the Default Runlevel
By default, Red Hat Enterprise Linux boots into runlevel 5 with a graphical login screen and a graphical desktop once the user successfully authenticates. Runlevel 3 is essentially the same except the text login is used.
The default runlevel is configured on the following line from the /etc/inittab file:
id:5:initdefault:
To change to a different runlevel without rebooting the system, type the command:
init <runlevel>

Configuring runlevel
To configure which services are started for a runlevel, use one of three programs: chkconfig (command line only), ntsysv (simple text-based application that doesn't require a graphical desktop), or the Service Configuration Tool (graphical application).
The chkconfig command can be used to configure runlevels and list the current runlevel configuration. It must be run as root if modifying a runlevel.
To list the status of all services, execute the chkconfig --list command.
To list the status for just one service, provide the name of the service:
chkconfig --list <service>
For httpd, the output looks like:
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
To modify whether the service is turned on or off for the runlevel, specify the service name and then on, off, or reset. Set it to on to have the service started at boot time. Set it to off to have the service stopped at boot time. Setting it to reset resets the values of all runlevels to the defaults from the initialization script. The syntax is as follows:
chkconfig <service> [on|off|reset]
OR
chkconfig --level <levels> <service> [on|off|reset]


WORKING WITH RPM SOFTWARE
A large part of a system administrator's job is to maintain the software on a company's servers as well as the software on the users' desktops. Red Hat Network is based on a software maintenance utility called RPM (Red Hat Package Manager).
A proper RPM file should follow a specific naming convention:
<packagename>-<version>-<release>.<arch>.rpm
For example, pciutils-2.2.1-1.2.i386.rpm is the RPM filename for the 1.2 release of version 2.2.1 of the PCI utilities software package built for the i386 architecture.

Why does the package need to have different architectures?
Because different processors must use different software libraries, have different system calls, and utilize different optimizations, software must be built with the proper version of the compiler compatible with the architecture.

System Architectures Used by RPM


Installing Software

Installing an RPM package can be done via the command line or a graphical program. Because some systems such as servers do not always have a graphical desktop installed, it is important to learn at least the basics of how to use the command-line version of RPM. The command is simple to remember: It is the rpm command.

Before installing any software, confirm that it was packaged by a trusted source and has not been altered since the trusted source built it. This process is done by checking the GPG signature of the package.
First, as the root user, import the GPG public key of the trusted party with the rpm --import <keyfile> command, where <keyfile> is the file containing the key.
Key files for software distributed by Red Hat can be found in the root directory of the first installation CD:
To verify that the key was imported properly, execute the rpm -qa gpg-pubkey* command. If you imported the RPM-GPG-KEY-redhat-release key, the output will be similar to the following:
gpg-pubkey-37017186-45761324
To view the details of the key, execute the rpm -qi gpg-pubkey-37017186-45761324 command.
After importing the key, the signature on the package can be verified with the rpm -K <rpmfile> command.
If the package was not corrupted since it was signed, the output will include the phrase md5 gpg OK.
If the package is not signed, the output will include output such as: NOT OK.
If you haven't imported the corresponding public key, the following message is given: MISSING KEYS.

After verifying that the package is trustworthy, install it with this command:
rpm -Uvh <rpmfile>
The -Uvh arguments tell the rpm command to install the package (-U), display verbose information about the installation (-v), and display the progress of the installation (-h) with hash marks (#).
For example, to install some packages from the Red Hat Enterprise Linux DVD:
1. You need to change to the package directory on the DVD by:
cd /media/RHEL5i386Disc/Server
2. So if you want to install tftp packages:

Sometimes a package requires additional RPM packages to be installed or updated.

To solve this problem, download the additional packages as well and install all the packages at the same time:
rpm -Uvh <rpmfile1> <rpmfile2>
If the package is already installed and you only want to upgrade the package, use the -F argument instead:
rpm -Fvh <packagename>-<version_number>.<arch>.rpm

Optional rpm Arguments When Installing or Updating
Argument         Description
--nodeps         Install or upgrade the package without checking for dependencies. The software will most likely not function properly without the software dependencies installed. If you contact Red Hat support with problems, they will most likely ask you to reproduce the problem on a system where all package dependencies have been satisfied.
--excludedocs    Do not install packages marked as documentation files such as man pages.
--oldpackage     Allow a package to be replaced with an older version.
--test           Check for potential conflicts such as package dependencies but do not install the package.

To remove a package, issue the following command:
rpm -e <packagename>
Notice that this time, only <packagename> is used, not the full name of the file used to install the software.
If multiple versions of a package are installed, you can use:
rpm -e <packagename>-<version>-<release>
If the package that depends on the package you are trying to remove is still needed on the system, you should not try to remove the package. If the package that depends on the package you are trying to remove is also not needed, both must be removed at the same time to resolve the dependency:
rpm -e <packagename1> <packagename2>
If a configuration file is part of the package being removed but it has been modified, the file will be renamed with the .rpmsave extension instead of removed, and a message similar to the following is displayed:
warning: /etc/sysconfig/samba saved as /etc/sysconfig/samba.rpmsave

What if you want to verify that the files associated with a package haven't been corrupted?
If you suspect your system has been accessed by a non-authorized user, you can verify that the files from a package have not been changed with the RPM verify feature.


If the verify function is used, file properties such as file size, MD5 sum, file permissions, file type, and file ownership are compared to the original values stored in the RPM database.
To verify the files associated with a package, use the following command:
rpm -V <packagename>
If no output is returned, the files from the package have not been modified since installation. If a file, such as a configuration file, has been modified, the output is similar to:
.M.....T /etc/httpd/conf/httpd.conf
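The flag column printed by rpm -V can be decoded line by line with the RPM verification codes of this section. The following is an added example, not part of the original training material: it decodes each flag and sorts lines into ALERT, REVIEW and INFO. The function names, the triage rule, the "missing" case and every sample line except the httpd.conf one are this example's own assumptions.

```sh
# Added example: decode and triage `rpm -V` output.
# Assumes the flag field comes first and the path (without spaces) last.

# decode_verify_flags FLAGS -> comma-separated list of what changed
decode_verify_flags() {
    dv_rest=$1
    dv_out=""
    while [ -n "$dv_rest" ]; do
        dv_c=${dv_rest%"${dv_rest#?}"}      # first character of the field
        dv_rest=${dv_rest#?}
        case $dv_c in
            .) continue ;;                  # '.' means this test passed
            S) dv_msg="size" ;;
            M) dv_msg="mode" ;;
            5) dv_msg="MD5 sum" ;;
            D) dv_msg="device number" ;;
            L) dv_msg="symlink path" ;;
            U) dv_msg="owner" ;;
            G) dv_msg="group" ;;
            T) dv_msg="modified time" ;;
            *) dv_msg="unknown($dv_c)" ;;
        esac
        dv_out="${dv_out:+$dv_out, }$dv_msg"
    done
    echo "$dv_out"
}

# triage_verify_line LINE -> "LEVEL PATH: changes"
# Example policy: changed content outside /etc or a missing file is an ALERT;
# changed content in /etc, or changed mode/owner/group, needs REVIEW.
triage_verify_line() {
    set -f; set -- $1; set +f           # split on whitespace, no globbing
    tv_flags=$1
    for tv_path in "$@"; do :; done     # the path is the last field
    if [ "$tv_flags" = "missing" ]; then
        echo "ALERT $tv_path: file is missing"
        return 0
    fi
    case $tv_flags in
        *5*)
            case $tv_path in
                /etc/*) tv_level=REVIEW ;;  # edited configuration is expected
                *)      tv_level=ALERT ;;   # program or library content changed
            esac ;;
        *[MUG]*) tv_level=REVIEW ;;
        *)       tv_level=INFO ;;
    esac
    echo "$tv_level $tv_path: $(decode_verify_flags "$tv_flags")"
}

# verify_report: read `rpm -V` output on stdin, print one triaged line each.
verify_report() {
    while IFS= read -r vr_line; do
        [ -n "$vr_line" ] && triage_verify_line "$vr_line"
    done
    return 0
}

# Constructed sample output; only the httpd.conf line comes from the text above.
SAMPLE_VERIFY_OUTPUT='.M.....T /etc/httpd/conf/httpd.conf
S.5....T /usr/sbin/sshd
.....UG. /var/www/html
.......T /etc/motd
missing /usr/share/doc/tftp/README'

printf '%s\n' "$SAMPLE_VERIFY_OUTPUT" | verify_report
```

On a live system the same report comes from piping real output into it, for example rpm -V <packagename> | verify_report.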

RPM Verification Codes
Code    Explanation
S       File size has changed
M       Mode has changed, including file permissions and file type
5       MD5 sum has changed
D       Device major or minor number has changed
L       The path of the symbolic link has changed
U       The owner of the file has changed
G       The group of the file has changed
T       The last modified time has changed

Querying Package Files

How do you know which files are associated with which RPM packages? You can query the RPM database and find out:
rpm -qf <filename>
The <filename> must be the full path to the file. If the file is associated with an installed RPM package, the name of the package and the version installed are displayed.

To query the package of a command, you could use:
rpm -qf `which <filename>`

To retrieve a list of configuration files from an installed package, use the following command:
rpm -qc <packagename>

A similar query can be performed to list any documentation files installed with a package:
rpm -qd <packagename>
Note: Documentation files include man pages and text or HTML formatted files in /usr/share/doc/ installed by the package.


SYSTEM ADMINISTRATION
Managing user and group
Each user on a Red Hat Enterprise Linux system is assigned a unique user identification number, also known as a UID. UIDs below 500 are reserved for system users such as the root user.
By default in Red Hat Enterprise Linux, when a user is added, a private user group is created.
By default, the directory /home/<username>/ is created as the user's home directory.

Adding/modifying/deleting user
The basic syntax to create a new user is useradd <options> <username>.

Some options you can use along with the useradd command:
Command-line option    Description
-c <fullname>          Full name of the user (or a comment about the user). If more than one word is needed, place quotation marks around the value.
-d <directory>         Home directory for the user. The default value is /home/<username>/
-e <date>              Date on which the user account will expire and be disabled. Use the format YYYY-MM-DD (default: never expire or disable).
-g <group>             Default group for the user, specified as a group name or group ID number.
-G <group>             Comma-separated list of additional group names or GIDs to which the user will be a member.
-p <password>          Specify an encrypted password for the user.
-s <shell>             Specify the login shell for the user. The default shell if not specified is /bin/bash.
-u <uid>               Integer to use for the user ID. Values less than 500 are reserved for system users.

To modify the user, use usermod <options> <username>.
To create a password for the user, use the command passwd <username>.
To delete a user, use userdel <username>. To also remove the user's home directory and mail spool, use the userdel -r <username> command.


Managing Group
A unique integer known as a GID is associated with each group. GIDs below 500 are reserved for system groups, just like UIDs below 500 are reserved for system users.
The basic syntax to create a new group is groupadd <groupname>.
To specify a GID, use the groupadd -g <gid> <groupname> command.
To modify the group, such as changing the GID of a group, use the groupmod -g <gid> <groupname> command.
To change the name of the group, use the groupmod -n <newname> <groupname> command.
To delete an existing group, use the groupdel <groupname> command.

Where are they stored?
A list of all local users is stored in the /etc/passwd file. This file is in plain text format and is readable by anyone logged into the system.
Each user is listed on a separate line, with the following format:
username:password:uid:gid:real_name:/home/directory:shell

Field              Description
username           Login name for the user. Can't contain spaces or tabs.
password           The x character denotes that the encrypted password is stored in /etc/shadow. If shadow passwords are not used, this field contains the encrypted user password.
uid                Unique integer used as the user ID.
gid                Unique integer used as the group ID.
real_name          Full name of the user (not required).
/home/directory    Full path to the home directory of the user.
shell              Login shell for the user. /bin/bash is the default.
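Because /etc/passwd is readable by every logged-in user, the seven fields above are worth checking after accounts are added or changed. The following is an added example, not part of the original training material: it reads passwd-format lines and reports entries that deserve a second look. The function name, the finding labels, the checks beyond the field table (empty password field, second UID 0 account, system UID with a login shell) and the sample accounts are this example's own, and the sample hash is a constructed placeholder.

```sh
# Added example: audit passwd-format lines read from standard input.
# Returns 0 when nothing is reported, 1 when there is at least one finding.
audit_passwd() {
    awk -F: '
        /^#/ || /^$/ { next }
        NF != 7 {
            printf "MALFORMED line %d: expected 7 fields, found %d\n", NR, NF
            found = 1; next
        }
        # An empty password field lets the account log in without a password.
        $2 == "" {
            printf "EMPTY-PASSWORD %s: password field is empty\n", $1
            found = 1
        }
        # Anything other than x (or a locked marker) is a hash that every
        # local user can read and try to crack offline.
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {
            printf "HASH-IN-PASSWD %s: hash is stored in the world-readable file\n", $1
            found = 1
        }
        # UID 0 is root, whatever the login name says.
        $3 == 0 && $1 != "root" {
            printf "UID0 %s: has the same UID as root\n", $1
            found = 1
        }
        seen[$3]++ {
            printf "DUPLICATE-UID %s: UID %s is already in use\n", $1, $3
            found = 1
        }
        # UIDs below 500 are system users; they rarely need a login shell.
        $3 > 0 && $3 < 500 && $7 ~ /sh$/ {
            printf "SYSTEM-SHELL %s: system UID %s with login shell %s\n", $1, $3, $7
            found = 1
        }
        END { exit found + 0 }
    '
}

# Constructed sample in the format shown above (not taken from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/bin/bash
rath:x:500:500:Rath:/home/rath:/bin/bash
backup:$1$CONSTRUCTED$placeholderhashvalue00:501:501::/home/backup:/bin/bash
toor:x:0:0::/root:/bin/bash
guest::502:502::/home/guest:/bin/bash'

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd || true
```

To check a live system, run audit_passwd < /etc/passwd.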

If shadow passwords are used (the default), the encrypted passwords are stored in the /etc/shadow file. All user groups are stored in the /etc/group file, readable by everyone but only writable by root. Each group is listed on a separate line in the following format:
groupname:password:gid:users
The default values used when adding a user are stored in the /etc/default/useradd file.
If you edit the file /etc/default/useradd you will see:
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
