Q. Can you explain the /etc/passwd file format for Linux and UNIX operating systems?

A. The /etc/passwd file stores the essential information required during login, i.e. user account information. /etc/passwd is a text file that contains a list of the system's accounts, giving for each account some useful information such as user ID, group ID, home directory, shell, etc. It should have general read permission, as many utilities (like ls) use it to map user IDs to user names, but write access only for the superuser (root).

Understanding fields in /etc/passwd

/etc/passwd contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. There are seven fields in total, shown here for the root entry:

root:x:0:0:root:/root:/bin/bash

1. Username (root): used when the user logs in. It should be between 1 and 32 characters in length.
2. Password (x): an x character indicates that the encrypted password is stored in the /etc/shadow file.
3. User ID, UID (0): each user must be assigned a user ID. UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
4. Group ID, GID (0): the primary group ID (stored in the /etc/group file).
5. User ID info (root): the comment field. It allows you to add extra information about the user such as full name, phone number, etc. This field is used by the finger command.
6. Home directory (/root): the absolute path to the directory the user will be in when they log in. If this directory does not exist, the user's directory becomes /.
7. Command/shell (/bin/bash): the absolute path of a command or shell. Typically this is a shell, but it does not have to be one.

The permission on the /etc/passwd file should be read-only for users (-rw-r--r--) and the owner must be root.

Q. Can you explain the /etc/shadow file used under Linux or UNIX?
A. The /etc/shadow file stores the actual password in encrypted format for each user account, together with additional properties related to the user's password, i.e. it stores secure user account information. All fields are separated by a colon symbol. It contains one entry per line for each user listed in the /etc/passwd file. For example:

root:$1$heLNU7cb$yLf9xPG/8o5LCmqpE.fVG0:14638:0:99999:7:::

1. User name (root): your login name.
2. Password ($1$heLNU7cb$yLf9xPG/8o5LCmqpE.fVG0): your encrypted password. The password should be a minimum of 6-8 characters long, including special characters/digits.
3. Last password change, lastchanged (14638): days since Jan 1, 1970 that the password was last changed.
4. Minimum (0): the minimum number of days required between password changes, i.e. the number of days left before the user is allowed to change his/her password.
5. Maximum (99999): the maximum number of days the password is valid (after that the user is forced to change his/her password).
6. Warn (7): the number of days before the password is to expire that the user is warned that his/her password must be changed.

Note: in the example above only six fields are filled in. The next two fields, 7 and 8, are empty in the example and are described below.

7. Inactive: the number of days after the password expires that the account is disabled.
8. Expire: days since Jan 1, 1970 that the account is disabled, i.e. an absolute date specifying when the login may no longer be used.

The last six fields provide password aging and account lockout features (you need to use the chage command to set up password aging). According to the man page of shadow, the password field must be filled. The encrypted password consists of 13 to 24 characters from the 64-character alphabet a through z, A through Z, 0 through 9, \. and /. Optionally it can start with a "$" character, which means the encrypted password was generated using another (not DES) algorithm. For example, if it starts with "$1$" it means the MD5-based algorithm was used.
/etc/group is a file that defines the groups to which users belong. In Linux multiple users can be categorized into groups. Linux file system permissions are organized into three classes, user, group, and others. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks, printers, and other peripherals.
It stores group information, i.e. it defines the groups to which users belong. There is one entry per line, and each line has the following format (all fields are separated by a colon (:)), shown here for the ccache group:

ccache:x:497:

1. group_name (ccache): the name of the group. If you run the ls -l command, you will see this name printed in the group field.
2. Password (x): generally a password is not used, hence it is empty/blank. It can store an encrypted password. This is useful to implement privileged groups.
3. Group ID, GID (497): the numeric ID of the group. Each user must be assigned a group ID, and you can see this number in your /etc/passwd file.
4. Group list: a list of the user names of users who are members of the group. The user names must be separated by commas.
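As an added example (not part of the original notes), a small Python audit that parses the three record formats described above and reports the inconsistencies an administrator checks for: a second UID 0 account, a /etc/passwd password field that is not 'x', a user with no /etc/shadow entry, a primary GID missing from /etc/group, an empty shadow password field, and an MD5-based ($1$) hash. The sample records are constructed; pass the real files' contents to audit() to run it against a host.

```python
# Field names in the order the three files use them (shadow has a ninth,
# reserved field after the eight described above).
PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
SHADOW_FIELDS = ("name", "passwd", "lastchg", "min", "max", "warn",
                 "inactive", "expire", "reserved")
GROUP_FIELDS = ("name", "passwd", "gid", "members")

# Constructed sample records (not from any real host; the $6$ hash is a placeholder).
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
admin2:x:0:0:second uid 0:/root:/bin/bash
svc:x:501:497:service:/var/svc:/sbin/nologin
guest::502:502:guest:/home/guest:/bin/bash
"""
SAMPLE_SHADOW = """root:$1$heLNU7cb$yLf9xPG/8o5LCmqpE.fVG0:14638:0:99999:7:::
admin2:$6$placeholdersalt$placeholderhash:14638:0:99999:7:::
svc::14638:0:99999:7:::
"""
SAMPLE_GROUP = "root:x:0:\nccache:x:497:\n"


def parse(text, fields):
    # Split colon-separated records into dicts; reject lines with the wrong field count.
    records = []
    for line in filter(None, text.splitlines()):
        parts = line.split(":")
        if len(parts) != len(fields):
            raise ValueError(f"expected {len(fields)} fields: {line!r}")
        records.append(dict(zip(fields, parts)))
    return records


def audit(passwd_text, shadow_text, group_text):
    """Return a list of findings (an empty list means the three files agree)."""
    passwd = parse(passwd_text, PASSWD_FIELDS)
    shadow = {r["name"]: r for r in parse(shadow_text, SHADOW_FIELDS)}
    gids = {r["gid"] for r in parse(group_text, GROUP_FIELDS)}
    findings = []
    for r in passwd:
        n = r["name"]
        if r["uid"] == "0" and n != "root":
            findings.append(f"{n}: UID 0 account other than root")
        if r["passwd"] != "x":
            findings.append(f"{n}: /etc/passwd password field is not 'x'")
        if n not in shadow:
            findings.append(f"{n}: no /etc/shadow entry")
        if r["gid"] not in gids:
            findings.append(f"{n}: primary GID {r['gid']} missing from /etc/group")
    for n, s in shadow.items():
        if s["passwd"] == "":
            findings.append(f"{n}: empty shadow password field")
        elif s["passwd"].startswith("$1$"):
            findings.append(f"{n}: MD5-based ($1$) hash, a weak scheme today")
    return findings
```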
Q-: What is umask and how is it determined on a Linux system?
A-: The user file-creation mode mask (umask) is used to determine the file permissions for newly created files. It can be used to control the default file permissions for new files. It is a four-digit octal number.

Procedure to set up the default umask: you can set the umask in /etc/bashrc or /etc/profile for all users, or in ~/.bashrc for a single user. By default most Linux distros set it to 0022 (022) or 0002 (002).

vi /etc/profile
or
vi ~/.bashrc

Append/modify the following line to set up a new umask:

umask 022

Save and close the file. Changes will take effect after the next login.
Q-: But what is 0022 and 0002?
A-: The default umask 0002 is used for normal users. With this mask the default directory permissions are 775 and the default file permissions are 664. The default umask for the root user is 0022, which results in default directory permissions of 755 and default file permissions of 644. For directories the base permissions are 0777 (rwxrwxrwx) and for files they are 0666 (rw-rw-rw-).

To calculate directory permissions for umask 022 (root user):

Default permissions:   777
Subtract umask value:  022 (-)
Allowed permissions:   755

To calculate file permissions for umask 022 (root user):

Default permissions:   666
Subtract umask value:  022 (-)
Allowed permissions:   644
Meaning of common chmod commands in Linux:

chmod 400 file: to protect a file against accidental overwriting.
chmod 500 directory: to protect yourself from accidentally removing, renaming or moving files from this directory.
chmod 600 file: a private file only changeable by the user who entered this command.
chmod 644 file: a publicly readable file that can only be changed by the issuing user.
chmod 660 file: users belonging to your group can change this file; others don't have any access to it at all.
chmod 700 file: protects a file against any access from other users, while the issuing user still has full access.
chmod 755 directory: for files that should be readable and executable by others, but only changeable by the issuing user.
chmod 775 file: standard file sharing mode for a group.
chmod 777 file: everybody can do everything to this file.
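An added example (not from the original notes) that does the umask arithmetic above the way the kernel does it, as base AND NOT umask, renders the result in the ls -l form used in the chmod list, and shows why the "subtract the umask" shortcut only works for masks like 022 and 002.

```python
FILE_BASE = 0o666  # rw-rw-rw-: a newly created file never gets execute bits
DIR_BASE = 0o777   # rwxrwxrwx


def default_mode(umask, directory=False):
    """Permission bits a new file or directory gets: base AND NOT umask."""
    base = DIR_BASE if directory else FILE_BASE
    return base & ~umask & 0o777


def subtract_mode(umask, directory=False):
    """The 'base minus umask' shortcut used in the notes above."""
    return (DIR_BASE if directory else FILE_BASE) - umask


def symbolic(mode, directory=False):
    """Render permission bits as ls -l prints them, e.g. 0o644 -> '-rw-r--r--'."""
    flags = "".join(c if mode & (1 << (8 - i)) else "-"
                    for i, c in enumerate("rwxrwxrwx"))
    return ("d" if directory else "-") + flags


def shortcut_is_safe(umask):
    """True when subtraction gives the same answer as the kernel's bitwise mask.

    Subtraction matches only when every umask bit is also set in the base.
    A file umask of 027 clears an x bit the 666 base never had, so
    666 - 027 = 637 (o=rwx), while the kernel gives 640 (o=---).
    """
    return all(default_mode(umask, d) == subtract_mode(umask, d)
               for d in (False, True))


def umask_table(umasks=(0o022, 0o002, 0o027, 0o077)):
    """Map each umask to (file, directory) defaults as octal plus ls-style text."""
    rows = {}
    for um in umasks:
        f, d = default_mode(um), default_mode(um, directory=True)
        rows[f"{um:04o}"] = (f"{f:03o} {symbolic(f)}",
                             f"{d:03o} {symbolic(d, True)}")
    return rows
```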
How do you enable iptables to open ip ports used by Red Hat Enterprise Linux 5 Cluster Suite?
Listed below are example iptables rules for enabling the IP ports needed by the Red Hat Cluster Suite. Note: replace 192.168.5.0/24 with the appropriate subnet.

1. cman (Cluster Manager) UDP Ports 5404, 5405:
iptables -I INPUT -m state --state NEW -m multiport -p udp -s 192.168.5.0/24 -d 192.168.5.0/24 --dports 5404,5405 -j ACCEPT
iptables -I INPUT -m addrtype --dst-type MULTICAST -m state --state NEW -m multiport -p udp -s 192.168.5.0/24 --dports 5404,5405 -j ACCEPT

2. ccsd (Cluster Configuration System daemon) TCP Ports 50006, 50008, 50009:
iptables -I INPUT -m state --state NEW -m multiport -p tcp -s 192.168.5.0/24 -d 192.168.5.0/24 --dports 50006,50008,50009 -j ACCEPT
3. ccsd (Cluster Configuration System daemon) UDP Port 50007:
iptables -I INPUT -m state --state NEW -p udp -s 192.168.5.0/24 -d 192.168.5.0/24 --dport 50007 -j ACCEPT
4. dlm (Distributed Lock Manager) TCP Port 21064:
iptables -I INPUT -m state --state NEW -p tcp -s 192.168.5.0/24 -d 192.168.5.0/24 --dport 21064 -j ACCEPT
5. rgmanager (High-availability Service Management daemon) TCP Ports 41966, 41967, 41968, 41969:
iptables -I INPUT -m state --state NEW -m multiport -p tcp -s 192.168.5.0/24 -d 192.168.5.0/24 --dports 41966,41967,41968,41969 -j ACCEPT
6. ricci (part of Conga remote agent) TCP Port 11111:
iptables -I INPUT -m state --state NEW -p tcp -s 192.168.5.0/24 -d 192.168.5.0/24 --dport 11111 -j ACCEPT
7. luci (Conga User Interface server) TCP Port 8084:
iptables -I INPUT -m state --state NEW -p tcp -s 192.168.5.0/24 -d 192.168.5.0/24 --dport 8084 -j ACCEPT
8. modclusterd (part of Conga remote agent) TCP Port 16851:
iptables -I INPUT -m state --state NEW -p tcp -s 192.168.5.0/24 -d 192.168.5.0/24 --dport 16851 -j ACCEPT

9. gnbd (Global Network Block Device) TCP Port 14567:
iptables -I INPUT -m state --state NEW -p tcp -s 192.168.5.0/24 -d 192.168.5.0/24 --dport 14567 -j ACCEPT

10. After applying the iptables rules, save the configuration so the changes persist across reboots:
service iptables save
What ports need to be open for DNS to operate?
DNS uses both the TCP and UDP protocols. Lookups performed by clients primarily (but not exclusively) use UDP; when the response data exceeds 512 bytes, the UDP query will fail and the resolver will retry using TCP. Other DNS functions such as zone transfers use TCP exclusively. DNS servers need to be reachable on port 53 ("domain") for both TCP and UDP from their clients (often, the whole internet); the standards do not prescribe a specific source port for DNS requests, so the source port is arbitrary. Additionally, on systems that are running BIND9 as part of a zone that (as recommended) has multiple name servers, the servers need to be able to connect to each other on TCP port 953 ("rndc") so they can push changes out to their peers rather than wait for them to refresh their cached information.