Chapter 1: Introduction to Linux
1.1. What is Linux:
Linux is a generic term referring to the family of Unix-like computer operating systems that use the Linux kernel. Their development is one of the most prominent examples of free and open source software collaboration; typically all the underlying source code can be used, freely modified, and redistributed, both commercially and non-commercially, by anyone under licenses such as the GNU General Public License.
Linux can be installed on a wide variety of computer hardware, ranging from mobile phones, tablet computers and video game consoles, to mainframes and supercomputers. Linux is predominantly known for its use in servers; as of 2009 it had a server market share ranging between 20–40%. Most desktop computers run either Microsoft Windows or Mac OS X, with Linux having only 1–2% of the desktop market. However, desktop use of Linux has become increasingly popular in recent years, partly owing to the popular Ubuntu, Fedora, Mint, and openSUSE distributions and the emergence of netbooks and smart phones running an embedded Linux.
Typically Linux is packaged in a format known as a Linux distribution for desktop and server use. Linux distributions include the Linux kernel and all of the supporting software required to run a complete system, such as utilities and libraries, the X Window System, the GNOME and KDE desktop environments, and the Apache HTTP Server. Commonly used applications with desktop Linux systems include the Mozilla Firefox web-browser, the OpenOffice.org office application suite and the GIMP image editor.
The name “Linux” comes from the Linux kernel, originally written in 1991 by Linus Torvalds. The main supporting userland, in the form of system tools and libraries from the GNU Project (announced in 1983 by Richard Stallman), is the basis for the Free Software Foundation's preferred name GNU/Linux. (www.wikipedia.org)
1.2. What is Red Hat Linux?
Red Hat Linux 1.0 was released on November 3, 1994. It was originally called “Red Hat Commercial Linux”. It was the first Linux distribution to use the RPM Package Manager as its packaging format, and over time has served as the starting point for several other distributions, such as Mandriva Linux and Yellow Dog Linux.
Since 2003, Red Hat has discontinued the Red Hat Linux line in favor of Red Hat Enterprise Linux (RHEL) for enterprise environments.
1.3. Version history:
Figure: Box cover shot of Red Hat Linux 5.2
Release dates drawn from announcements on comp.os.linux.announce. Version names are chosen so as to be cognitively related to the prior release, yet not related in the same way as the release before that.
- 1.0 (Mother’s Day), November 3, 1994 (Linux 1.2.8)
- 1.1 (Mother’s Day+0.1), August 1, 1995 (Linux 1.2.11)
- 2.0, September 20, 1995 (Linux 1.2.13-2)
- 2.1, November 23, 1995 (Linux 1.2.13)
- 3.0.3 (Picasso), May 1, 1996 – first release supporting DEC Alpha
- 4.0 (Colgate), October 3, 1996 (Linux 2.0.18) – first release supporting SPARC
- 4.1 (Vanderbilt), February 3, 1997 (Linux 2.0.27)
- 4.2 (Biltmore), May 19, 1997 (Linux 2.0.30-2)
- 5.0 (Hurricane), December 1, 1997 (Linux 2.0.32-2)
- 5.1 (Manhattan), May 22, 1998 (Linux 2.0.34-0.6)
- 5.2 (Apollo), November 2, 1998 (Linux 2.0.36-0.7)
- 6.0 (Hedwig), April 26, 1999 (Linux 2.2.5-15)
- 6.1 (Cartman), October 4, 1999 (Linux 2.2.12-20)
- 6.2 (Zoot), April 3, 2000 (Linux 2.2.14-5.0)
- 7 (Guinness), September 25, 2000 (this release is labeled “7” not “7.0”) (Linux 2.2.16-22)
- 7.1 (Seawolf), April 16, 2001 (Linux 2.4.2-2)
- 7.2 (Enigma), October 22, 2001 (Linux 2.4.7-10, Linux 2.4.9-21smp)
- 7.3 (Valhalla), May 6, 2002 (Linux 2.4.18-3)
- 8.0 (Psyche), September 30, 2002 (Linux 2.4.18-14)
- 9 (Shrike), March 31, 2003 (Linux 2.4.20-8) (this release is labeled “9” not “9.0”)
The Fedora and Red Hat Projects were merged on September 22, 2003. (www.wikipedia.org)
1.4. What is Red Hat Enterprise Linux?
Red Hat Enterprise Linux (RHEL) is a Linux distribution produced by Red Hat and targeted toward the commercial market, including mainframes. Red Hat Enterprise Linux is released in server versions for x86, x86-64, Itanium, PowerPC and IBM System z, and desktop versions for x86 and x86-64. All of Red Hat’s official support and training, and the Red Hat Certification Program center around the Red Hat Enterprise Linux platform.
Red Hat Enterprise Linux is often abbreviated to RHEL, although this is not an official designation.
Although Red Hat claims to supply major releases every 18 to 24 months, over 36 months have elapsed since the first release of Red Hat Enterprise Linux 5. However, Red Hat vice president of platform engineering Tim Burke confirmed that the beta version of Red Hat Enterprise Linux 6 would become available during the month of April 2010, with further release announcements coming at the Red Hat Summit in June 2010. A public beta was released on April 21, 2010.
When Red Hat releases a new version of Red Hat Enterprise Linux, customers may upgrade to the new version at no additional charge as long as they are in possession of a current subscription (i.e. the subscription term has not yet lapsed).
Red Hat’s first Enterprise offering (Red Hat Linux 6.2E) essentially consisted of a version of Red Hat Linux 6.2 with different support levels, and without separate engineering.
The first version of Red Hat Enterprise Linux to bear the name originally came onto the market as “Red Hat Linux Advanced Server”. In 2003 Red Hat rebranded Red Hat Linux Advanced Server to “Red Hat Enterprise Linux AS”, and added two more variants, Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS.
Verbatim copying and redistribution of the entire Red Hat Enterprise Linux distribution is not permitted due to trademark restrictions. However, there are several redistributions of Red Hat Enterprise Linux—such as CentOS—with trademarked features (such as logos, and the Red Hat name) removed.
A kernel connects the application software to the hardware of a computer.
In computing, the kernel is the central component of most computer operating systems; it is a bridge between applications and the actual data processing done at the hardware level. The kernel’s responsibilities include managing the system’s resources (the communication between hardware and software components). Usually, as a basic component of an operating system, a kernel can provide the lowest-level abstraction layer for the resources (especially processors and I/O devices) that application software must control to perform its function. It typically makes these facilities available to application processes through inter-process communication mechanisms and system calls.
Operating system tasks are done differently by different kernels, depending on their design and implementation. (www.wikipedia.org)
1.5.2 Linux kernel
The Linux kernel is released under the GNU General Public License version 2 (GPLv2), (plus some firmware images with various licenses), and is developed by contributors worldwide. Day-to-day development takes place on the Linux kernel mailing list.
The Linux kernel was initially conceived and created by Finnish computer science student Linus Torvalds in 1991. Linux rapidly accumulated developers and users who adopted code from other free software projects for use with the new operating system. The Linux kernel has received contributions from thousands of programmers. Many Linux distributions have been released based upon the Linux kernel.
1.6.1 What is Computer Security?
Computer security is a general term that covers a wide area of computing and information processing. Industries that depend on computer systems and networks to conduct daily business transactions and access crucial information regard their data as an important part of their overall assets. Several terms and metrics have entered our daily business vocabulary, such as total cost of ownership (TCO) and quality of service (QoS). In these metrics, industries calculate aspects such as data integrity and high-availability as part of their planning and process management costs. In some industries, such as electronic commerce, the availability and trustworthiness of data can be the difference between success and failure. (www.cert.org/tech_tips/home_networks.html)
1.6.2 Security Controls
Computer security is often divided into three distinct master categories, commonly referred to as controls: physical, technical, and administrative.
These three broad categories define the main objectives of proper security implementation. Within these controls are sub-categories that further detail the controls and how to implement them.
1.6.3 Physical Controls
Physical control is the implementation of security measures in a defined structure used to deter or prevent unauthorized access to sensitive material. Examples of physical controls are:
- Closed-circuit surveillance cameras
- Motion or thermal alarm systems
- Security guards
- Picture IDs
- Locked and dead-bolted steel doors
- Biometrics (includes fingerprint, voice, face, iris, handwriting, and other automated methods used to recognize individuals)
1.6.4 Technical Controls
Technical controls use technology as a basis for controlling the access and usage of sensitive data throughout a physical structure and over a network. Technical controls are far-reaching in scope and encompass such technologies as:
- Smart cards
- Network authentication
- Access control lists (ACLs)
- File integrity auditing software
1.6.5 Administrative Controls
Administrative controls define the human factors of security. They involve all levels of personnel within an organization and determine which users have access to what resources and information by such means as:
- Training and awareness
- Disaster preparedness and recovery plans
- Personnel recruitment and separation strategies
- Personnel registration and accounting
1.7.1 What is open source?
1.7.2 Software is free if it satisfies the four freedoms
1.8. Feature, Function and Benefit of Redhat Enterprise Linux 5:
Chapter 2: Redhat Enterprise Linux 5 and Printer Installation
We need to boot from the Red Hat DVD.
After booting, hit Enter to install using the graphical mode.
- Press [Enter] to begin the installation. If we wish to abort the installation process at this time, simply eject the boot diskette now and reboot the machine.
Anaconda will start.
Next the GUI interface will pop up and you can begin the installation Setup.
Click Next at the first screen.
Select the Language you want the system to use by default.
The next screen will display a popup asking for your installation number.
If we have purchased Red Hat Enterprise Linux we should have an installation number; if not, simply skip and use evaluation mode.
Setting up our disk partitions can vary depending on our needs; if we like, we can select a RAID setup or customize our partition layout.
Checking the Review and modify box allows you to edit the current layout.
We have already set up a simple 20GB hard disk within VMware for this guide.
The next screen will install a bootloader.
Leave the default for GRUB to be installed under our new disk.
For added security we can protect the boot loader using a password (recommended).
Next are our network settings; this can be a static IP address or a dynamic address assigned by a DHCP server on our network or a router.
The IP address we use is an internal static IP that uses our router for DNS and as the gateway. The host name can be set using DHCP, DNS, or by editing the /etc/hosts file.
Select the timezone for our locale.
Select the software applications we want to install as part of the system.
We selected the 2 available packages and checked the customize now box.
Customize the packages you want to install based on category.
Once started it will check for the package dependencies.
Now we can begin the installation of Red Hat 5.
Formatting the file system.
Installing packages.
Reboot to complete the installation.
The next steps will setup and customize the system.
Accept license agreement
Configure the firewall to allow services such as HTTP or SSH.
Enable or disable SELinux.
Setup date and time
Register with Red Hat for updates.
Create a new user for the system.
Setup and test your audio settings.
Insert any additional cds for software.
Log in as root and use the new Red Hat system.
Before we can configure access to services, we must understand Linux runlevels. A runlevel is a state, or mode, that is defined by the services listed in the directory /etc/rc.d/rc<x>.d, where <x> is the number of the runlevel.
The following runlevels exist:
• 0 — Halt
• 1 — Single-user mode
• 2 — Not used (user-definable)
• 3 — Full multi-user mode
• 4 — Not used (user-definable)
• 5 — Full multi-user mode (with an X-based login screen)
• 6 — Reboot
If we use a text login screen, we are operating in runlevel 3. If we use a graphical login screen, we are operating in runlevel 5.
The default runlevel can be changed by modifying the /etc/inittab file, which contains a line near the top of the file similar to the following:
Change the number in this line to the desired runlevel. The change does not take effect until we reboot the system.
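As an added example (not from the original guide), the following shell functions check the two boot-time settings that this section and the boot loader step above leave to the administrator: the default runlevel in /etc/inittab and whether GRUB has the recommended password. The sample file contents are constructed and PLACEHOLDER_HASH stands in for a real hash.

```shell
#!/bin/sh
# Added example, not part of the original guide: two checks on text copies of
# /etc/inittab and /boot/grub/grub.conf, the default runlevel and whether the
# boot loader has a password. Samples below are constructed; PLACEHOLDER_HASH
# stands in for a hash produced by grub-md5-crypt.

# Print the default runlevel from inittab text on stdin ("id:N:initdefault:").
# Exit status 1 if no such line exists.
default_runlevel() {
    awk -F: '$3 == "initdefault" && $2 ~ /^[0-6]$/ { print $2; found = 1; exit }
             END { exit (found ? 0 : 1) }'
}

# A server should boot into 3 (text login) or 5 (graphical login). 0 or 6 as
# the default would halt or reboot the machine in a loop, 1 drops to a
# single-user root shell, and 2 and 4 are unused on RHEL 5.
runlevel_is_sane() {
    case "$1" in
        3|5) return 0 ;;
        *)   return 1 ;;
    esac
}

# Exit 0 when grub.conf text on stdin has a "password" line in the global
# section, i.e. before the first "title" stanza. A password inside a stanza
# only guards that one entry; the global one is what prevents editing boot
# parameters at the console.
grub_has_password() {
    awk '/^[[:space:]]*title/    { exit 1 }
         /^[[:space:]]*password/ { found = 1; exit }
         END { exit (found ? 0 : 1) }'
}

SAMPLE_INITTAB='# constructed sample of /etc/inittab
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5'

SAMPLE_GRUB_CONF='# constructed sample of /boot/grub/grub.conf
default=0
timeout=5
password --md5 PLACEHOLDER_HASH
title Red Hat Enterprise Linux Server
        root (hd0,0)
        kernel /vmlinuz-PLACEHOLDER ro root=/dev/sda2'

# Print one verdict line per check; return 0 only if both pass.
# Usage on a live system: report_boot_config "$(cat /etc/inittab)" "$(cat /boot/grub/grub.conf)"
report_boot_config() {
    inittab=$1; grubconf=$2; rc=0
    rl=$(printf '%s\n' "$inittab" | default_runlevel) || rl="missing"
    if runlevel_is_sane "$rl"; then
        echo "OK   default runlevel is $rl"
    else
        echo "WARN default runlevel is $rl"; rc=1
    fi
    if printf '%s\n' "$grubconf" | grub_has_password; then
        echo "OK   GRUB has a global password"
    else
        echo "WARN GRUB has no global password; boot entries can be edited at the console"; rc=1
    fi
    return $rc
}

report_boot_config "$SAMPLE_INITTAB" "$SAMPLE_GRUB_CONF"
```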
2.2. Printer Setup in Redhat Enterprise Linux
Red Hat Enterprise Linux 5 uses the Common Unix Printing System (CUPS). If a system was upgraded from a previous Red Hat Enterprise Linux version that used CUPS, the upgrade process preserves the configured queues.
Using the Printer Configuration Tool requires root privileges. To start the application, select System (on the panel) => Administration => Printing, or type the command system-config-printer at a shell prompt.
Figure 2-1. Printer Configuration Tool
The following types of print queues can be configured:
AppSocket/HP JetDirect — a printer connected directly to the network through an HP JetDirect or AppSocket interface instead of a computer.
Internet Printing Protocol (IPP) — a printer that can be accessed over a TCP/IP network via the Internet Printing Protocol (for example, a printer attached to another Red Hat Enterprise Linux system running CUPS on the network).
LPD/LPR Host or Printer — a printer attached to a different UNIX system that can be accessed over a TCP/IP network (for example, a printer attached to another Red Hat Enterprise Linux system running LPD on the network).
Networked Windows (SMB) — a printer attached to a different system which is sharing a printer over an SMB network (for example, a printer attached to a Microsoft Windows™ machine).
Networked JetDirect — a printer connected directly to the network through HP JetDirect instead of a computer.
If we add a new print queue or modify an existing one, we must apply the changes for them to take effect.
Clicking the Apply button prompts the printer daemon to restart with the changes we have configured.
Clicking the Revert button discards unapplied changes.
2.2.1. Adding a Local Printer
To add a local printer, such as one attached through a parallel port or USB port on our computer, click the New Printer button in the main Printer Configuration Tool window.
Figure 2-2. Adding a Printer
Click Forward to proceed.
Enter a unique name for the printer in the Printer Name field. The printer name can contain letters, numbers, dashes (-), and underscores (_); it must not contain any spaces.
We can also use the Description and Location fields to further distinguish this printer from others that may be configured on your system. Both of these fields are optional, and may contain spaces.
Click Forward to open the New Printer dialogue. If the printer has been automatically detected, the printer model appears in Select Connection. Select the printer model and click Forward to continue.
If the device does not automatically appear, select the device to which the printer is connected (such as LPT #1 or Serial Port #1) in Select Connection.
Figure 2-3. Selecting the Printer Model and Finishing
Once we have properly selected a printer queue type, we can choose either option:
Select a Printer from database – If we select this option, choose the make of the printer from the list of Makes. If the printer make is not listed, choose Generic.
Provide PPD file – A PostScript Printer Description (PPD) file may also be provided with the printer; this file is normally provided by the manufacturer. If we are provided with a PPD file, we can choose this option and use the browser bar below the option description to select the PPD file.
Figure 2-4. Selecting a Printer Model
After choosing an option, click Forward to continue. We now have to choose the corresponding model and driver for the printer.
The recommended print driver is automatically selected based on the printer model we chose. The print driver processes the data that we want to print into a format the printer can understand. Since a local printer is attached directly to our computer, we need a printer driver to process the data that is sent to the printer.
If we have a PPD file for the device (usually provided by the manufacturer), we can select it by choosing Provide PPD file. We can then browse the file system for the PPD file by clicking Browse.
2.2.2. Confirming Printer Configuration
The last step is to confirm our printer configuration. Click Apply to add the print queue if the settings are correct. Click Back to modify the printer configuration.
After applying the changes, print a test page to ensure the configuration is correct.
After configuring the printer successfully we have to run two commands, so that the running CUPS daemon picks up the change and the service is started at boot:
# service cups restart
# chkconfig cups on
2.2.3 Printing a Test Page
After we have configured our printer, we should print a test page to make sure the printer is functioning properly. To print a test page, select the printer that we want to try out from the printer list, then click Print Test Page from the printer’s Settings tab.
If we change the print driver or modify the driver options, we should print a test page to test the different configuration.
Chapter 3: User Account, Group and Permission
3.1. User Accounts, Groups, and Permissions
Under Red Hat Enterprise Linux, a user can log into the system and use any applications or files they are permitted to access after a normal user account is created. Red Hat Enterprise Linux determines whether or not a user or group can access these resources based on the permissions assigned to them.
There are three different permissions for files, directories, and applications. These permissions are used to control the kinds of access allowed. Different one-character symbols are used to describe each permission in a directory listing. The following symbols are used:
· r — Indicates that a given category of user can read a file.
· w — Indicates that a given category of user can write to a file.
· x — Indicates that a given category of user can execute the contents of a file.
A fourth symbol (-) indicates that no access is permitted.
Each of the three permissions are assigned to three different categories of users. The categories are:
· owner — The owner of the file or application.
· group — The group that owns the file or application.
· everyone — All users with access to the system.
As stated earlier, it is possible to view the permissions for a file by invoking a long format listing with the command ls -l. For example, if the user juan creates an executable file named foo, the output of the command ls -l foo would appear like this:
-rwxrwxr-x 1 juan juan 0 Sep 26 12:25 foo
The permissions for this file are listed at the start of the line, beginning with rwx. This first set of symbols define owner access — in this example, the owner juan has full access, and may read, write, and execute the file. The next set of rwx symbols define group access (again, with full access), while the last set of symbols define the types of access permitted for all other users. Here, all other users may read and execute the file, but may not modify it in any way.
One important point to keep in mind regarding permissions and user accounts is that every application run on Red Hat Enterprise Linux runs in the context of a specific user. Typically, this means that if user juan launches an application, the application runs using user juan's context. However, in some cases the application may need a more privileged level of access in order to accomplish a task. Such applications include those that edit system settings or log in users. For this reason, special permissions have been created.
There are three such special permissions within Red Hat Enterprise Linux. They are:
· setuid — used only for applications, this permission indicates that the application is to run as the owner of the file and not as the user executing the application. It is indicated by the character s in place of the x in the owner category. If the owner of the file does not have execute permissions, the S is capitalized to reflect this fact.
· setgid — used primarily for applications, this permission indicates that the application is to run as the group owning the file and not as the group of the user executing the application.
If applied to a directory, all files created within the directory are owned by the group owning the directory, and not by the group of the user creating the file. The setgid permission is indicated by the character s in place of the x in the group category. If the group owner of the file or directory does not have execute permissions, the S is capitalized to reflect this fact.
· sticky bit — used primarily on directories, this bit dictates that a file created in the directory can be removed only by the user that created the file. It is indicated by the character t in place of the x in the everyone category. If the everyone category does not have execute permissions, the T is capitalized to reflect this fact.
Under Red Hat Enterprise Linux, the sticky bit is set by default on the /tmp/ directory for exactly this reason.
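An added example, not from the original text, that turns the symbolic mode column of ls -l into the octal form used by chmod and find, including the s/S and t/T conventions just described. The listing it runs over is constructed, with the foo line taken from the example above.

```shell
#!/bin/sh
# Added example, not from the original text: convert the symbolic mode column
# of "ls -l" into the four-digit octal form used by chmod and find, with the
# s/S and t/T conventions for setuid, setgid and the sticky bit.

# mode_to_octal MODESTRING  ->  prints e.g. 4755 for -rwsr-xr-x
# The first character (file type) and anything past position 10 (the "+" or
# "." that ls appends for ACLs or SELinux labels) are ignored.
mode_to_octal() {
    printf '%s\n' "$1" | awk '{
        p = substr($0, 2, 9)
        if (length(p) != 9) exit 1
        special = 0; bits = ""
        for (i = 0; i < 3; i++) {               # 0 = owner, 1 = group, 2 = everyone
            n = 0
            r = substr(p, i*3 + 1, 1); w = substr(p, i*3 + 2, 1); x = substr(p, i*3 + 3, 1)
            if (r == "r") n += 4
            if (w == "w") n += 2
            # lowercase s/t: special bit AND execute; uppercase S/T: special bit only
            if (x == "x" || x == "s" || x == "t") n += 1
            if (x == "s" || x == "S") special += (i == 0) ? 4 : 2
            if (x == "t" || x == "T") special += 1
            bits = bits n
        }
        print special bits
    }'
}

# Name the special bits in a mode string, e.g. "setuid" or "setgid sticky";
# prints "none" when no special bit is set.
special_bits() {
    octal=$(mode_to_octal "$1") || return 1
    case "$(printf '%s' "$octal" | cut -c1)" in
        0) echo none ;;
        1) echo sticky ;;
        2) echo setgid ;;
        3) echo "setgid sticky" ;;
        4) echo setuid ;;
        5) echo "setuid sticky" ;;
        6) echo "setuid setgid" ;;
        7) echo "setuid setgid sticky" ;;
    esac
}

# Constructed ls -l lines: the foo example from the text, a setuid binary,
# a setgid directory, /tmp with the sticky bit, and the capital-S case.
SAMPLE_LISTING='-rwxrwxr-x 1 juan juan    0 Sep 26 12:25 foo
-rwsr-xr-x 1 root root 1234 Sep 26 12:25 setuid-binary
drwxrws--- 2 root devs 4096 Sep 26 12:25 shared
drwxrwxrwt 9 root root 4096 Sep 26 12:25 tmp
-rwSr--r-- 1 root root    0 Sep 26 12:25 setuid-but-not-executable'

# Print "octal bits name" for every entry in an ls -l listing (stdin) whose
# mode carries a special bit; the same set a find -perm search would report.
list_special() {
    while read -r mode rest; do
        bits=$(special_bits "$mode")
        if [ "$bits" != "none" ]; then
            printf '%s %s %s\n' "$(mode_to_octal "$mode")" "$bits" "${rest##* }"
        fi
    done
}

printf '%s\n' "$SAMPLE_LISTING" | list_special
```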
In Red Hat Enterprise Linux, user account and group names are primarily for peoples’ convenience. Internally, the system uses numeric identifiers. For users, this identifier is known as a UID, while for groups the identifier is known as a GID. Programs that make user or group information available to users translate the UID/GID values into their more human-readable counterparts.
Note: UIDs and GIDs must be globally unique within your organization if you intend to share files and resources over a network. Otherwise, whatever access controls you put in place may fail to work properly, as they are based on UIDs and GIDs, not usernames and group names.
Specifically, if the /etc/passwd and /etc/group files on a file server and a user’s workstation differ in the UIDs or GIDs they contain, improper application of permissions can lead to security issues.
For example, if user juan has a UID of 500 on a desktop computer, files juan creates on a file server will be created with owner UID 500. However, if user bob logs in locally to the file server (or even some other computer), and bob's account also has a UID of 500, bob will have full access to juan's files, and vice versa.
Therefore, UID and GID collisions are to be avoided at all costs.
There are two instances where the actual numeric value of a UID or GID has any specific meaning. A UID and GID of zero (0) are used for the root user, and are treated specially by Red Hat Enterprise Linux — all access is automatically granted.
The second instance is that UIDs and GIDs below 500 are reserved for system use. Unlike UID/GID zero (0), UIDs and GIDs below 500 are not treated specially by Red Hat Enterprise Linux. However, these UIDs/GIDs are never to be assigned to a user, as it is likely that some system component either currently uses or will use these UIDs/GIDs at some point in the future.
When new user accounts are added using the standard Red Hat Enterprise Linux user creation tools, the new user accounts are assigned the first available UID and GID starting at 500. The next new user account is assigned UID/GID 501, followed by UID/GID 502, and so on.
A brief overview of the various user creation tools available under Red Hat Enterprise Linux occurs later in this chapter. But before reviewing these tools, the next section reviews the files Red Hat Enterprise Linux uses to define system accounts and groups.
On Red Hat Enterprise Linux, information about user accounts and groups is stored in several text files within the /etc/ directory. When a system administrator creates new user accounts, these files must either be edited manually or applications must be used to make the necessary changes.
The following section documents the files in the /etc/ directory that store user and group information under Red Hat Enterprise Linux.
The /etc/passwd file is world-readable and contains a list of users, each on a separate line. On each line is a colon delimited list containing the following information:
· Username — The name the user types when logging into the system.
· Password — Contains the encrypted password (or an x if shadow passwords are being used — more on this later).
· User ID (UID) — The numerical equivalent of the username which is referenced by the system and applications when determining access privileges.
· Group ID (GID) — The numerical equivalent of the primary group name which is referenced by the system and applications when determining access privileges.
· GECOS — Named for historical reasons, the GECOS field is optional and is used to store extra information (such as the user’s full name). Multiple entries can be stored here in a comma delimited list. Utilities such as finger access this field to provide additional user information.
· Home directory — The absolute path to the user’s home directory, such as /home/juan/.
· Shell — The program automatically launched whenever a user logs in. This is usually a command interpreter (often called a shell). Under Red Hat Enterprise Linux, the default value is /bin/bash. If this field is left blank, /bin/sh is used. If it is set to a non-existent file, then the user will be unable to log into the system.
Here is an example of a /etc/passwd entry:
This line shows that the root user has a shadow password, as well as a UID and GID of 0. The root user has /root/ as a home directory, and uses /bin/bash for a shell.
Because the /etc/passwd file must be world-readable (the main reason being that this file is used to perform the translation from UID to username), there is a risk involved in storing everyone’s password in /etc/passwd. True, the passwords are encrypted. However, it is possible to perform attacks against passwords if the encrypted password is available.
If a copy of /etc/passwd can be obtained by an attacker, an attack that can be carried out in secret becomes possible. Instead of risking detection by having to attempt an actual login with every potential password generated by a password cracker, an attacker can use a password cracker in the following manner:
· A password-cracker generates potential passwords
· Each potential password is then encrypted using the same algorithm as the system
· The encrypted potential password is then compared against the encrypted passwords in /etc/passwd
The most dangerous aspect of this attack is that it can take place on a system far-removed from your organization. Because of this, the attacker can use the highest-performance hardware available, making it possible to go through massive numbers of passwords very quickly.
Therefore, the /etc/shadow file is readable only by the root user and contains password (and optional password aging information) for each user. As in the /etc/passwd file, each user’s information is on a separate line. Each of these lines is a colon delimited list including the following information:
· Username — The name the user types when logging into the system. This allows the login application to retrieve the user’s password (and related information).
· Encrypted password — The 13 to 24 character password. The password is encrypted using either the crypt(3) library function or the md5 hash algorithm. In this field, values other than a validly-formatted encrypted or hashed password are used to control user logins and to show the password status. For example, if the value is ! or *, the account is locked and the user is not allowed to log in. If the value is !! a password has never been set before (and the user, not having set a password, will not be able to log in).
· Date password last changed — The number of days since January 1, 1970 (also called the epoch) that the password was last changed. This information is used in conjunction with the password aging fields that follow.
· Number of days before password can be changed — The minimum number of days that must pass before the password can be changed.
· Number of days before a password change is required — The number of days that must pass before the password must be changed.
· Number of days warning before password change — The number of days before password expiration during which the user is warned of the impending expiration.
· Number of days before the account is disabled — The number of days after a password expires before the account will be disabled.
· Date since the account has been disabled — The date (stored as the number of days since the epoch) since the user account has been disabled.
· A reserved field — A field that is ignored in Red Hat Enterprise Linux.
3.5.1 Steps for adding users and groups and removing a login shell:
- To add a user we write adduser (username)
- Then we have to set a password. For it we write (passwd username)
- The root user can remove the login shell of any user by applying the command (chsh username) and then entering /sbin/nologin
- Multiple users can be added to any group by the command (gpasswd -M username1,username2 groupname)
User add, group add and login shell removal
Figure 3-1: In the above code users khalid, ruhul and neo are added, and the group netshared is added. User neo has no login shell. Users ruhul and khalid are secondary members of group netshared.
- We write the command (cat /etc/group) to see group names and group members
Figure 3-2: In the figure users khalid and ruhul are members of group netshared
3.5.2 User Account Expiry and User Password Lock
- We write the command (chage -l username) to see the user account status
- We give the command (chage -E yyyy/mm/dd username) to set the user account expiration date.
- To remove the account expiration date we write (chage -E -1 username)
- We can lock the password of any user by writing the command (passwd -l username)
Figure 3-3: In the above code we have seen the account status of user khalid and set the account expiration date as 05/07/2010. We have also locked the password of khalid and afterwards unlocked it.
3.6. Access Control Lists:
Files and directories have permission sets for the owner of the file, the group associated with the file, and all other users for the system. However, these permission sets have limitations. For example, different permissions cannot be configured for different users. Thus, Access Control Lists (ACLs) were implemented.
The Red Hat Enterprise Linux 5 kernel provides ACL support for the ext3 file system and NFS-exported file systems. ACLs are also recognized on ext3 file systems accessed via Samba.
Along with support in the kernel, the acl package is required to implement ACLs. It contains the utilities used to add, modify, remove, and retrieve ACL information.
The cp and mv commands copy or move any ACLs associated with files and directories.
3.6.1 Why ACLs are used: An ACL is used to give a special permission to a particular user. When a file or directory has no read, write or execute permission for others, a chosen user can still read, write or execute that file or directory through an ACL.
3.6.2 Steps for setting up ACL:
- At first we make a partition. (The partition process is shown in chapter 4)
- Then a directory is created under the root (mkdir /exports)
- We have to give an entry in the fstab file for mounting the new partition. On Red Hat Enterprise Linux 5 the ext3 file system must be mounted with the acl mount option (for example defaults,acl in the fstab entry), otherwise setfacl fails.
- Then a file (fstab) is copied to the new directory (cp /etc/fstab /exports) and we withdraw the others permission of this file (chmod -x fstab in the figure; note that -x only removes the execute bits for every class, whereas chmod o-rwx /exports/fstab removes all permissions for others).
- Then a special read and write permission is given to user khalid by the command (setfacl -m u:khalid:rw /exports/fstab)
- The ACL status is seen by the command (getfacl /exports/fstab); ls -l marks a file that carries an ACL with a + after the mode bits.
Figure 3-4: In the above code a new directory exports is created and the fstab file is copied to directory exports. Then the execution permission is withdrawn.
Figure 3-5: Partition 15 is mounted under exports and ACL support is enabled on the partition.
Figure 3-6: ACL status where others have no permission but user khalid has read and write permission.
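What getfacl prints is only useful if you know the order in which the kernel evaluates the entries. The following is an added example, not code from the report: it parses getfacl output and answers "may this user do this to the file?" in the order given in acl(5): the owner entry, then a named user entry, then the owning group and named group entries, then other, with the mask entry cutting down every entry except owner and other. The ACL text mirrors the /exports/fstab scenario (no permission for others, khalid granted rw with setfacl) and the group table standing in for /etc/group is constructed; both are assumptions of this example.

```python
"""Access check for a POSIX ACL, following acl(5).

Added example, not code from the report.  ACL text and group table are constructed.
"""

# Constructed getfacl output for /exports/fstab after
#   chmod o-rwx /exports/fstab ; setfacl -m u:khalid:rw /exports/fstab
GETFACL_OUTPUT = """\
# file: exports/fstab
# owner: root
# group: root
user::rw-
user:khalid:rw-
group::---
mask::rw-
other::---
"""

# Constructed stand-in for /etc/group membership (primary group first).
GROUPS = {
    "root": ["root"],
    "khalid": ["khalid", "netshared"],
    "ruhul": ["ruhul", "netshared"],
    "neo": ["neo"],
}


def perms(s):
    """'rw-' -> {'r', 'w'}"""
    return {c for c in s if c in "rwx"}


def parse_getfacl(text):
    """Turn getfacl output into a dict of ACL entries."""
    acl = {"user": {}, "group": {}, "owner": None, "group_owner": None}
    for raw in text.splitlines():
        line = raw.split("#effective")[0].strip()   # getfacl appends "#effective:..." when masked
        if not line:
            continue
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group_owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("#"):
            continue                                  # "# file:" and other comments
        else:
            tag, qualifier, p = line.split(":")
            p = perms(p)
            if tag == "user" and qualifier:
                acl["user"][qualifier] = p            # named user entry
            elif tag == "user":
                acl["user_obj"] = p                   # owner entry
            elif tag == "group" and qualifier:
                acl["group"][qualifier] = p           # named group entry
            elif tag == "group":
                acl["group_obj"] = p                  # owning group entry
            elif tag == "mask":
                acl["mask"] = p
            elif tag == "other":
                acl["other"] = p
    # A minimal ACL (plain mode bits only) has no mask entry: nothing is cut down.
    acl.setdefault("mask", perms("rwx"))
    return acl


def acl_access(acl, user, requested, groups=GROUPS):
    """True if `user` may perform every bit in `requested` (a subset of 'rwx')."""
    req = perms(requested)
    if user == acl["owner"]:
        return req <= acl["user_obj"]                 # owner entry wins; mask not applied
    if user in acl["user"]:
        return req <= (acl["user"][user] & acl["mask"])
    matching = []
    for g in groups.get(user, []):
        if g == acl["group_owner"]:
            matching.append(acl["group_obj"] & acl["mask"])
        if g in acl["group"]:
            matching.append(acl["group"][g] & acl["mask"])
    if matching:
        # a single matching group entry must hold all requested bits;
        # bits are not pooled across several group entries
        return any(req <= m for m in matching)
    return req <= acl["other"]


def effective(acl, user, groups=GROUPS):
    """'rwx'-style string of the bits `user` could use, asked for one at a time."""
    return "".join(c if acl_access(acl, user, c, groups) else "-" for c in "rwx")


if __name__ == "__main__":
    acl = parse_getfacl(GETFACL_OUTPUT)
    for name in GROUPS:
        print("%-7s %s" % (name, effective(acl, name)))
```

Two consequences worth knowing: ruhul gets nothing even though he shares group netshared with khalid, because the named entry is for the user khalid only; and once a mask entry exists, chmod on the file rewrites the mask rather than the owning group entry, so a later chmod g-w would also strip w from khalid's effective rights.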
Chapter 4: Disk management and Data Security
4.1. Logical Volume Manager (LVM)
LVM is a method of allocating hard drive space into logical volumes that can be resized easily, instead of fixed-size partitions.
With LVM, a hard drive or set of hard drives is allocated to one or more physical volumes. A physical volume cannot span over more than one drive.
The physical volumes are combined into logical volume groups, with the exception of the /boot/ partition. The /boot/ partition cannot be on a logical volume group because the boot loader cannot read it. If the root (/) partition is on a logical volume, create a separate /boot/ partition which is not a part of a volume group.
Since a physical volume cannot span over multiple drives, to span over more than one drive, create one or more physical volumes per drive.
Figure 4-1. Logical Volume Group
The logical volume group is divided into logical volumes, which are assigned mount points, such as /home and /, and file system types, such as ext2 or ext3. When "partitions" reach their full capacity, free space from the logical volume group can be added to the logical volume to increase the size of the partition. When a new hard drive is added to the system, it can be added to the logical volume group, and partitions that are logical volumes can be expanded.
Figure 4-2. Logical Volumes
On the other hand, if a system is partitioned with the ext3 file system, the hard drive is divided into partitions of defined sizes. If a partition becomes full, it is not easy to expand the size of the partition. Even if the partition is moved to another hard drive, the original hard drive space has to be reallocated as a different partition or not used.
LVM support must be compiled into the kernel, and the default Red Hat kernel is compiled with LVM support.
4.2. LVM Configuration
LVM can be configured during the graphical installation process, the text-based installation process, or during a kickstart installation. You can use the utilities from the lvm package to create your own LVM configuration post-installation, but these instructions focus on using Disk Druid during installation to complete this task.
An overview of the general steps required to configure LVM includes:
· Creating physical volumes from the hard drives.
· Creating volume groups from the physical volumes.
· Creating logical volumes from the volume groups and assigning the logical volumes mount points.
On the Disk Partitioning Setup screen, select Automatically partition.
For Red Hat Enterprise Linux, LVM is the default method for disk partitioning. If you do not wish to have LVM implemented, or if you require RAID partitioning, manual disk partitioning through Disk Druid is required.
The following properties make up the automatically created configuration:
· The /boot/ partition resides on its own non-LVM partition. In the following example, it is the first partition on the first drive (/dev/sda1). Bootable partitions cannot reside on LVM logical volumes.
· A single LVM volume group (VolGroup00) is created, which spans all selected drives and all remaining space available. In the following example, the remainder of the first drive (/dev/sda2), and the entire second drive (/dev/sdb1) are allocated to the volume group.
· Two LVM logical volumes (LogVol00 and LogVol01) are created from the newly created spanned volume group. In the following example, the recommended swap space is automatically calculated and assigned to LogVol01, and the remainder is allocated to the root file system, LogVol00.
Figure 4-3. Automatic LVM Configuration With Two SCSI Drives
4.4. Steps for configuring LVM:
Ø In the first step we make a partition of 500MB (fdisk /dev/sda).
Ø Then we have to change the partition type of the new partition (for LVM the partition id is 8e, "Linux LVM", set with the t command in fdisk); the kernel picks up the new table after partprobe or a reboot.
Ø Then we create the physical volume on the new partition by the command (pvcreate /dev/sda11).
Ø The volume group is created by the command (vgcreate newvg /dev/sda11).
Ø After it we create a logical volume of 100MB (lvcreate -L 100M -n newlv newvg) and put a file system on it (mkfs.ext3 /dev/newvg/newlv).
Ø We have to give an entry in the fstab by opening fstab (vi /etc/fstab); the mount point must exist first (mkdir /data).
Ø The entry will look like this (/dev/newvg/newlv /data ext3 defaults 0 0).
Ø For extending the LVM we give the command
(lvextend -L +100M /dev/newvg/newlv)
and then grow the file system to fill the larger volume (resize2fs /dev/newvg/newlv); until resize2fs runs the extra space is not visible to df.
Ø Before reducing the LVM we have to unmount the logical volume (umount /data) and shrink the file system first (e2fsck -f /dev/newvg/newlv, then resize2fs /dev/newvg/newlv 150M). Reducing a logical volume below the size of the file system on it destroys data, and a file system can only be shrunk while unmounted.
Ø For reducing the LVM we give the command
(lvreduce -L 150 /dev/newvg/newlv)
where a size given without a sign is the new absolute size in megabytes.
4.4.1 Creating Partition and Changing Partition ID:
Figure 4-4: Making a new partition and changing its partition id to LVM.
4.4.2 Creating volume group and logical volume:
Figure 4-5: Creating a 500MB physical volume and a 100MB logical volume.
4.4.3 Logical Volume Extension & Reduction:
Figure 4-6: Extending the logical volume by 100MB and reducing it to 150MB.
4.4.4 Mounting Logical volume and Entry to the fstab:
Figure 4-7: Mounting the LVM volume on the data directory.
4.5 RAID (Redundant Array of Independent Disks):
4.5.1 What is RAID?
The basic idea behind RAID is to combine multiple small, inexpensive disk drives into an array to accomplish performance or redundancy goals not attainable with one large and expensive drive. This array of drives appears to the computer as a single logical storage unit or drive.
RAID is a method in which information is spread across several disks. RAID uses techniques such as disk striping (RAID Level 0), disk mirroring (RAID level 1), and disk striping with parity (RAID Level 5) to achieve redundancy, lower latency and/or to increase bandwidth for reading or writing to disks, and to maximize the ability to recover from hard disk crashes.
The underlying concept of RAID is that data may be distributed across each drive in the array in a consistent manner. To do this, the data must first be broken into consistently-sized chunks (often 32K or 64K in size, although different sizes can be used). Each chunk is then written to a hard drive in the RAID array according to the RAID level used. When the data is to be read, the process is reversed, giving the illusion that the multiple drives in the array are actually one large drive.
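The chunking and parity idea above is small enough to run end to end. The following is an added example, not code from the report or from the md driver: it cuts data into fixed-size chunks, spreads each stripe over in-memory "disks" with one XOR parity chunk whose position rotates from stripe to stripe, then reads the data back with one disk declared dead, rebuilding every missing chunk from the survivors of its stripe. The disk model, the rotation rule and the input data are constructed for the example.

```python
"""RAID 5 striping with rotating parity, in pure Python.

Added example, not code from the report.  Disks are in-memory lists.
"""

CHUNK = 64 * 1024   # 64K chunks, one of the sizes the text mentions


def xor_chunks(chunks):
    """Bytewise XOR of equal-length chunks."""
    out = bytearray(chunks[0])
    for c in chunks[1:]:
        for i, b in enumerate(c):
            out[i] ^= b
    return bytes(out)


def raid5_write(data, ndisks, chunk=CHUNK):
    """Lay `data` out over `ndisks` disks; returns a list of disks, each a list of chunks."""
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    ndata = ndisks - 1                                   # data chunks per stripe
    stripe_bytes = ndata * chunk
    data = data + b"\0" * (-len(data) % stripe_bytes)    # pad to whole stripes
    disks = [[] for _ in range(ndisks)]
    for s in range(len(data) // stripe_bytes):
        base = s * stripe_bytes
        stripe = [data[base + i * chunk:base + (i + 1) * chunk] for i in range(ndata)]
        parity_disk = (ndisks - 1 - s) % ndisks          # parity moves one disk left per stripe
        parity = xor_chunks(stripe)
        pending = iter(stripe)
        for d in range(ndisks):
            disks[d].append(parity if d == parity_disk else next(pending))
    return disks


def raid5_read(disks, length, failed=()):
    """Read `length` bytes back; disks listed in `failed` are never touched."""
    failed = set(failed)
    if len(failed) > 1:
        raise RuntimeError("RAID 5 tolerates a single disk failure")
    ndisks = len(disks)
    alive = next(d for d in range(ndisks) if d not in failed)
    out = bytearray()
    for s in range(len(disks[alive])):
        parity_disk = (ndisks - 1 - s) % ndisks
        for d in range(ndisks):
            if d == parity_disk:
                continue                                 # parity is not user data
            if d in failed:
                # the lost chunk is the XOR of every other chunk in the stripe, parity included
                out += xor_chunks([disks[o][s] for o in range(ndisks) if o != d])
            else:
                out += disks[d][s]
    return bytes(out[:length])


if __name__ == "__main__":
    payload = bytes(range(256)) * 40                     # constructed 10240-byte input
    array = raid5_write(payload, 4, chunk=1024)
    array[2] = [None] * len(array[2])                    # disk 2 dies
    print(raid5_read(array, len(payload), failed={2}) == payload)
```

With four disks each stripe stores three data chunks and one parity chunk, so usable capacity is three quarters of the raw total, and reading with a dead disk costs an XOR over the whole stripe for every chunk that disk held. A second failure raises, which is the honest answer: RAID 5 survives exactly one.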
Those who need to keep large quantities of data on hand (such as system administrators) would benefit by using RAID technology. Primary reasons to use RAID include:
· Enhanced speed
· Increased storage capacity using a single virtual disk
· Lessened impact of a disk failure
There are two possible RAID approaches: Hardware RAID and Software RAID.
The hardware-based array manages the RAID subsystem independently from the host and presents to the host only a single disk per RAID array.
An example of a Hardware RAID device would be one that connects to a SCSI controller and presents the RAID arrays as a single SCSI drive. An external RAID system moves all RAID handling “intelligence” into a controller located in the external disk subsystem. The whole subsystem is connected to the host via a normal SCSI controller and appears to the host as a single disk.
RAID controllers also come in the form of cards that act like a SCSI controller to the operating system but handle all of the actual drive communications themselves. In these cases, you plug the drives into the RAID controller just like you would a SCSI controller, but then you add them to the RAID controller’s configuration, and the operating system never knows th