Fedora And Red Hat System Administration/Print version
This is the print version of Fedora And Red Hat System Administration You won't see this message or any elements not part of the book's content when you print or preview this page. |
The current, editable version of this book is available in Wikibooks, the open-content textbooks collection, at
https://en.wikibooks.org/wiki/Fedora_And_Red_Hat_System_Administration
Shell Basics
From the moment you connect to an SSH session, log into a text console, or open a terminal from a graphical environment, you are interacting with a shell program. To describe it simply, the shell provides your command line. It receives the commands you type and runs programs as needed to service those commands.
Bash, the most popular shell for GNU/Linux systems, is built on ideas going back to the original UNIX shell, the Borne Shell. While the Borne shell was revolutionary for its day, it is rather clunky by today's standards. Concepts like command line editing, command history and job control evolved later in other shells that sought to replace the original Borne shell such as the C shell and the Korn Shell. While these features greatly enhanced shell usability, they also came at the price of breaking compatibility with Borne shell syntax. When the GNU Project designed their shell they chose to implement these new ideas but still maintain compatibility with the original Borne shell. The called their shell the Borne Again Shell, or simply Bash.
The basic ideas for the shell differ little from the original, but command history, commandline editing, and features used in shell scripts are more idiosyncratic.
Running commands from the shell
[edit | edit source]Commands at the shell take a basic form of:
COMMAND [-OPTIONS]... [ARG]...
(It is common convention to put variables in capitols and square brackets around optional elements. The ellipsis indicates the preceding can be repeated).
The COMMAND can be one of four things:
- A Program - The shell will search your PATH environment variable for programs named COMMAND. Most programs are in /bin or /usr/bin. Documentation for commands are usually found in manual pages (Accessed with `man COMMAND')
- A Shell Built-in - Built-in commands are commands processed directly by the shell such as cd, echo and alias. Documentation for built-ins can be found in the manual page for bash or with the help built-in: `help COMMAND'.
- An alias - Aliases are processed before the command is run and are replaced by another command, possibly adding options or arguments.
- A Function - Functions call a sequence of commands and are more often used in shell scripting than on a typical command line.
Example Built-in Commands
[edit | edit source]Some of the simplest commands are Built-ins. echo for example simply prints the arguments passed to it:
[jtk@athena ~]$ echo Hello, World! Hello, World!
The pwd built-in prints the working directory; cd changes the working directory. (We'll define "working directory" later when we discuss filesystem basics).
[jtk@athena ~]$ pwd /home/jtk [jtk@athena ~]$ cd /usr/share/doc/bash-3.1/ [jtk@athena bash-3.1]$ pwd /usr/share/doc/bash-3.1 [jtk@athena bash-3.1]$ cd [jtk@athena ~]$ pwd /home/jtk
The help built-in provides documentation on built-ins. Without arguments it gives a list of built-ins. With Arguments, help can provide details on a particular built-in command:
[jtk@athena ~]$ help GNU bash, version 3.1.7(1)-release (i386-redhat-linux-gnu) These shell commands are defined internally. Type `help' to see this list. Type `help name' to find out more about the function `name'. Use `info bash' to find out more about the shell in general. Use `man -k' or `info' to find out more about commands not in this list. A star (*) next to a name means that the command is disabled. JOB_SPEC [&] (( expression )) . filename [arguments] : [ arg... ] (( expression )) alias [-p] [name[=value] ... ] bg [job_spec ...] bind [-lpvsPVS] [-m keymap] [-f fi break [n] builtin [shell-builtin [arg ...]] caller [EXPR] case WORD in [PATTERN [| PATTERN]. cd [-L|-P] [dir] command [-pVv] command [arg ...] compgen [-abcdefgjksuv] [-o option complete [-abcdefgjksuv] [-pr] [-o continue [n] declare [-afFirtx] [-p] [name[=val dirs [-clpv] [+N] [-N] disown [-h] [-ar] [jobspec ...] echo [-neE] [arg ...] enable [-pnds] [-a] [-f filename] eval [arg ...] exec [-cl] [-a name] file [redirec exit [n] export [-nf] [name[=value] ...] or false fc [-e ename] [-nlr] [first] [last fg [job_spec] for NAME [in WORDS ... ;] do COMMA for (( exp1; exp2; exp3 )); do COM function NAME { COMMANDS ; } or NA getopts optstring name [arg] hash [-lr] [-p pathname] [-dt] [na help [-s] [pattern ...] history [-c] [-d offset] [n] or hi if COMMANDS; then COMMANDS; [ elif jobs [-lnprs] [jobspec ...] or job kill [-s sigspec | -n signum | -si let arg [arg ...] local name[=value] ... logout popd [+N | -N] [-n] printf [-v var] format [arguments] pushd [dir | +N | -N] [-n] pwd [-LP] read [-ers] [-u fd] [-t timeout] [ readonly [-af] [name[=value] ...] return [n] select NAME [in WORDS ... ;] do CO set [--abefhkmnptuvxBCHP] [-o opti shift [n] shopt [-pqsu] [-o long-option] opt source filename [arguments] suspend [-f] test [expr] time [-p] PIPELINE times trap [-lp] [arg signal_spec ...] true type [-afptP] name [name ...] typeset [-afFirtx] [-p] name[=valu ulimit [-SHacdfilmnpqstuvx] [limit umask [-p] [-S] [mode] unalias [-a] name [name ...] unset [-f] [-v] [name ...] until COMMANDS; do COMMANDS; done variables - Some variable names an wait [n] while COMMANDS; do COMMANDS; done { COMMANDS ; } [jtk@athena ~]$ help help help: help [-s] [pattern ...] Display helpful information about builtin commands. If PATTERN is specified, gives detailed help on all commands matching PATTERN, otherwise a list of the builtins is printed. The -s option restricts the output for each builtin command matching PATTERN to a short usage synopsis. [jtk@athena ~]$ help cd cd: cd [-L|-P] [dir] Change the current directory to DIR. The variable $HOME is the default DIR. The variable CDPATH defines the search path for the directory containing DIR. Alternative directory names in CDPATH are separated by a colon (:). A null directory name is the same as the current directory, i.e. `.'. If DIR begins with a slash (/), then CDPATH is not used. If the directory is not found, and the shell option `cdable_vars' is set, then try the word as a variable name. If that variable has a value, then cd to the value of that variable. The -P option says to use the physical directory structure instead of following symbolic links; the -L option forces symbolic links
Example Program Commands
[edit | edit source]Most commands you'll use are programs. That is, they are a separate program run in a separate process from the bash shell. These programs can be found in a number of locations on the system. The directories searched are specified in the PATH environment variable, but more on that later. Most programs are found in either the /bin or /usr/bin directories and we'll focus on those for now.
If I want to get a listing of files in a directory I would use the ls command. The actual program that runs when you type "ls" is found at /bin/ls. If called without arguments, ls will give a listing of files in the current directory. An argument can be used to tell it which directory to list. Options can be used to tell it how to list the files:
[jtk@athena ~]$ ls bin Desktop google-earth svn [jtk@athena ~]$ ls -l drwxrwxr-x 2 jtk jtk 4096 Dec 1 12:32 bin drwxr-xr-x 8 jtk jtk 4096 Jan 11 13:51 Desktop drwxr-xr-x 9 jtk jtk 4096 Dec 17 22:21 google-earth -rw-r--r-- 1 jtk jtk 16791707 Dec 5 16:43 livejournal.tar.bz2 drwxrwxr-x 2 jtk jtk 4096 Dec 8 13:23 svn [jtk@athena ~]$ ls -lt drwxrwxr-x 2 jtk jtk 4096 Dec 1 12:32 bin -rw-r--r-- 1 jtk jtk 16791707 Dec 5 16:43 livejournal.tar.bz2 drwxrwxr-x 2 jtk jtk 4096 Dec 8 13:23 svn drwxr-xr-x 9 jtk jtk 4096 Dec 17 22:21 google-earth drwxr-xr-x 8 jtk jtk 4096 Jan 11 13:51 Desktop [jtk@athena ~]$ ls /home/ db2inst1 jtk lost+found [jtk@athena ~]$ ls -l /home/ total 24 drwxr-xr-x 7 db2inst1 db2iadm1 4096 Jul 17 2006 db2inst1 drwx------ 11 jtk jtk 4096 Feb 2 11:47 jtk drwx------ 2 root root 16384 Apr 19 2006 lost+found
Notice the option string "-lt". The "l" specifies a "long" listing while the "t" specifies that the entries should be sorted by modification time. These are single character options and could have been specified separately as "-l -t", but they are usually grouped together like this.
It is customary to put options before arguments such as in the command "ls -l /home". With GNU utilities this is optional, but some utilities will complain if any options appear after the same argument. (There is no distinction between option and argument to the shell or the operating system. When the command is executed by the kernel, they are all arguments and it is up to the program to interpret them).
Example Running Command as Root User
[edit | edit source]If you are a user which is not root and you need to install or run a command which requires admin credentials then just do the following:
[jtk@athena ~]$ su root Enter root password Run the command you want (as root).
It's that's easy.
If you are a user and want to list the IP address of the machine you can use sudo command, for now lets imagine you are allowed to use sudo command
# sudo /sbin/ifconfig
Similarly you can use sudo to run any superuser command
The X Window System
The X window system or X11 is most basic component of the graphical environment. You can find many implementations of X11 including servers for Max OSX and Windows (Please insert recommendations!). Most GNU/Linux distributions now use X.Org's implementation (which forked not too long ago from the XFree86 project).
Starting X
[edit | edit source]Graphical Login and GDM
[edit | edit source]Most functions of your users graphical experience is actually not handled by X, but rather by the Graphical login managers, such as the Gnome Display Manager(GDM). While other display managers exist, Red Hat and fedora based systems use the Gnome Display Manager as the login manager for their systems.
The X command
[edit | edit source]In comparison to Graphical Managers such as GDM, "X" contains extremely minimal functionality on its own, but each graphical display manager is actually built atop X, and thus X is important to understand in its own right.
The 'X' window system is:
- a client-server application
- The client is the application using the X-window
- The server controls the keyboard and screen and takes signals from the application and responds with output to display on the screen
- A protocol used by the application to connect to the server
- the 'X' protocol, also known as X11
To start X, one has
The startx command
[edit | edit source]The X startup scripts
[edit | edit source]Remote X access with SSH
[edit | edit source]/etc/ssh/ssh_config
[edit | edit source]/etc/ssh/sshd_config
[edit | edit source]VNC
[edit | edit source]Starting a VNC Server
[edit | edit source]vncserver :1
Customizing your VNC X startup
[edit | edit source]Securing your VNC connection
[edit | edit source]Further reading
[edit | edit source]
Archives And Compression
Compressing Data
[edit | edit source] This page was last edited 89 months ago, and may be abandoned This page has not been edited since 28 May 2017, but other pages in this book might have been. Check out related changes to see what the state of this book is. You can help by editing and updating this book. Remove {{under construction}} from this page if it is not being actively edited. Ask for help at WB:PROJECTS. |
gzip
and gunzip
[edit | edit source]Under Construction
bzip2
and bunzip2
[edit | edit source]Under Construction
tar
- *NIX Archives
[edit | edit source]Under Construction
Creating a tar
archive
[edit | edit source]To create an uncompressed tar
archive,
the c
and f
options are provided (think 'c' for create and 'f' for filename):
[user@station user]$ tar cf foo.tar file1 file2 file3
The first argument is the name of the archive, in this case foo.tar
.
Any following arguments are the files that are being archived (e.g. file1 file2 file3
).
Usually globbing is used to archive all files of a particular type (e.g. tar cf foo.tar *.cpp
will archive all of the .cpp files in the current directory):
To archive all files and subdirectories within a directory,
the same options are provided,
but the second argument is the .
character which symbolizes the current working directory:
[user@station user]$ tar cf foo.tar .
To compress the contents of the archive one of the z
, J
, or j
options are used.
Each option corresponds to a different compression algorithm, which in order are: gzip
, xz
, and bzip2
.
For example, to create a gzip
compressed archive of the current directory the following would be run:
[user@station user]$ tar cfz foo.tar.gz .
Inspecting a tar
archive
[edit | edit source]Under Construction
Extracting a tar
archive
[edit | edit source]Under Construction
cpio
- Flexible Archiving Tool
[edit | edit source]In general, tar
is the preferred method for creating archives,
but in some cases a particular archive format may be desired and
cpio
provides a greater degree of control over how the archive is
generated at the cost of greater complexity.
Creating a cpio
archive
[edit | edit source]To create a cpio
archive, the -o
option is provided (think 'o' for "The archive is being written out"). cpio
expects a list of files to be provided to its standard input. The list of files is usually provided by piping results from the find command. The -H
option can be used to specify the archive format, see the man page for more information.
[user@station user]$ find playground/ playground/ playground/AUTHORS playground/ChangeLog playground/COPYING playground/foo.txt playground/newfile [user@station user]$ find playground/ | cpio -o >archive 1212 blocks [user@station user]$ ls -l archive -rw-rw-r-- 1 user user 620544 Jan 5 08:49 archive [user@station user]$ file archive archive: cpio archive
Listing contents of an archive with cpio
[edit | edit source]To view the contents of an archive the -i
option is provided
to tell cpio
to expect the archive data on its standard input.
The -t
option is also used then to tell cpio to not extract, but
rather simply list the contents of the archive.
[user@station user]$ cpio -it <archive playground/ playground/AUTHORS playground/ChangeLog playground/COPYING playground/foo.txt playground/newfile 1212 blocks
Extracting an archive with cpio
[edit | edit source]The -i
option is used with a combination of options to tell
it how to extract. Common choices include -d
to tell cpio to
create directories as needed. -m
to reset file modification
times. -R
to change file ownership.
[user@station user]$ cd /tmp [user@station tmp]$ cpio -idm <archive 1212 blocks [user@station tmp]$ find playground/ playground/ playground/AUTHORS playground/ChangeLog playground/COPYING playground/foo.txt playground/newfile
zip
- PKZIP style archives
[edit | edit source]Creating a zip
archive
[edit | edit source][user@station user]$ zip -r playground.zip playground adding: playground/ (stored 0%) adding: playground/AUTHORS (deflated 63%) adding: playground/COPYING (deflated 62%) adding: playground/foo.txt (stored 0%) adding: playground/newfile (deflated 39%) adding: playground/ChangeLog (deflated 70%) [user@station user]$ ls -l playground.zip -rw-r--r-- 1 user user 71607 Jan 11 14:33 playground.zip
Listing contents of a zip
archive
[edit | edit source][user@station user]$ unzip -l playground.zip Archive: playground.zip Length Date Time Name -------- ---- ---- ---- 0 01-11-05 14:33 playground/ 2110 01-11-05 14:32 playground/AUTHORS 17992 01-11-05 14:33 playground/COPYING 22 01-11-05 14:33 playground/foo.txt 44 01-11-05 14:33 playground/newfile 212169 01-11-05 14:32 playground/ChangeLog -------- ------- 232337 6 files
Unpacking a zip
archive
[edit | edit source][user@station user]$ rm -rf playground [user@station user]$ unzip playground.zip Archive: playground.zip creating: playground/ inflating: playground/AUTHORS inflating: playground/COPYING extracting: playground/foo.txt inflating: playground/newfile inflating: playground/ChangeLog
dump
- Filesystem Level Backup
[edit | edit source]Under Construction
Finding And Checking Files
Finding files with dangerous permissions
[edit | edit source]Files that are writable by "other"
[edit | edit source]If we search just based on permission, we'll get false hits from things like symbolic links.
[user@station user]$ find . -perm +002 -ls 4095 0 lrwxrwxrwx 1 user user 22 Jan 4 08:30 ./rh033 -> rh033-RHEL3-1-20031103 10209 0 lrwxrwxrwx 1 user user 18 Jan 4 09:28 ./.mozilla/default/bgdnw5up.slt/lock -> 192.168.0.254:3311 63259 1 -rw-rw-rw- 1 user user 6 Jan 5 11:58 ./playground/real-problem
Instead look for files with other write enabled that are regular files.
[user@station user]$ find . -perm +002 -type f -ls 63259 1 -rw-rw-rw- 1 user user 6 Jan 5 11:58 ./playground/real-problem
Directories that are writable by "other"
[edit | edit source]When searching for directories that are writeable by other, one should also consider whether the "sticky bit" is set for the directory. In octal, the sticky bit is represented as a 1 in the first position in four digit octal representation (ex: 1777). This is a common setting for temporary directories and is not normally considered a security risk.
World writable temporary directories:
[user@station user]$ find / -perm -1002 -type d -ls 2>/dev/null 493 0 drwxrwxrwt 2 root root 40 Jan 4 09:25 /dev/shm 2 4 drwxrwxrwt 11 root root 4096 Jan 5 11:42 /tmp 58497 4 drwxrwxrwt 2 xfs xfs 4096 Jan 4 09:26 /tmp/.font-unix 29250 4 drwxrwxrwt 2 root user 4096 Jan 4 09:27 /tmp/.X11-unix 14625 4 drwxrwxrwt 2 user user 4096 Jan 4 09:27 /tmp/.ICE-unix 29252 4 drwxrwxrwt 2 user user 4096 Jan 4 09:28 /tmp/.esd 665189 4 drwxrwxrwt 2 root root 4096 Jan 3 07:51 /var/lib/texmf 97345 4 drwxrwxrwt 2 root root 4096 Jan 4 14:00 /var/tmp 178466 4 drwxrwxrwt 2 root root 4096 Aug 11 2003 /var/spool/vbox 762533 4 drwxrwxrwt 2 root root 4096 Sep 25 2003 /var/spool/samba
Finding the real problem directories:
[user@station user]$ find / -perm -002 -not -perm -1000 -type d -ls 2>/dev/null
46931 1 drwxrwxrwx 2 user user 1024 Jan 5 12:06 /home/kupferer/bad-permissions
SUID and SGID executables
[edit | edit source]SUID and SGID executables can present serious security concerns since they allow users to execute programs with permissions of another user. For this reason they should be closely monitored. SUID is represented as 4 in the first position and SGID, by a 2.
md5sum
[edit | edit source]The md5sum
command produces a checksum for a file that can be used later to check whether the file's contents have changed.
[user@station user]$ echo "some content" >a_file [user@station user]$ md5sum a_file eb9c2bf0eb63f3a7bc0ea37ef18aeba5 a_file [user@station user]$ echo "Some content" >a_file [user@station user]$ md5sum a_file 581ab2d89f05c294d4fe69c623bdef83 a_file
This is often used when downloading files from possibly untrustworthy mirrors. So long as a trusted checksum can be obtained, it can be used to verify that the data wasn't corrupted whether accidentally or maliciously. Often checksum files are distributed with downloads or kept on secure media to check systems for possible data corruption or intrusion. To create an MD5 checksum file, simply redirect the md5sum
output to a file. md5sum -c
can then be used to run the check later.
[user@station playground]$ for I in $(seq 1 6) > do echo "Content for file-$I" >file-$I > done [user@station user]$ ls file-1 file-2 file-3 file-4 file-5 file-6 [user@station playground]$ md5sum * >files.md5 [user@station playground]$ cat files.md5 37bca4ca3e0aa391ce8676a694940e66 file-1 ab831d920679cd711a85dc72360dbddc file-2 371e1a1c44fac93d8ff0aa87ce623f19 file-3 8472ca817e850d90b2d747254f4ec6d2 file-4 d1c4512228268473f5a7f9e22c20a14c file-5 1c64532d6ba6dd4125be760a1e7f66d3 file-6 [user@station playground]$ echo "different stuff" >file-3 [user@station playground]$ md5sum -c files.md5 file-1: OK file-2: OK file-3: FAILED file-4: OK file-5: OK file-6: OK md5sum: WARNING: 1 of 6 computed checksums did NOT match
Finding and Checking SUID and SGID executables
[edit | edit source][root@station root]# find / -type f -perm +6000 -exec md5sum {} \; >suid.md5 [root@station root]# echo "blah" > /usr/local/bin/new-suid [root@station root]# chmod 4755 /usr/local/bin/new-suid [root@station root]# find / -type f -perm +6000 -exec md5sum {} \; >suid.md5.new [root@station root]# diff suid.md5 suid.md5.new 45a46 > 0d599f0ec05c3bda8c3b8a68c32a1b47 /usr/local/bin/new-suid [root@station root]# mv suid.md5.new suid.md5 mv: overwrite `suid.md5'? y [root@station root]# echo "more" >> /usr/local/bin/new-suid [root@station root]# find / -type f -perm +6000 -exec md5sum {} \; >suid.md5.new [root@station root]# diff suid.md5 suid.md5.new 46c46 < 0d599f0ec05c3bda8c3b8a68c32a1b47 /usr/local/bin/new-suid --- > 9faee5c03d3f99ba4b95be1fc78c847f /usr/local/bin/new-suid
Bash Scripting
< Fedora And Red Hat System Administration
Basics
[edit | edit source]Handling Arguments
[edit | edit source]This program will display all arguments:
for ARG; do
echo "had arg: $ARG"
done
Example Functions
[edit | edit source]Launch Apps and Set Niceness
[edit | edit source] showdates () {
cal
date
ddate
}
donice () {
COMMAND=$1
NICEVAL=$(grep "^$COMMAND" ~/.nice-settings | cut -d: -f2)
if test -n "$NICEVAL"
then
nice -n "$NICEVAL" $*
else
nice $*
fi
}
grpshare () {
if [ $1 = '-g' ]; then
SET_GROUP=$2
shift; shift
else
SET_GROUP=users
fi
for FILE; do
chgrp $SET_GROUP -R $FILE
chmod g+rw -R $FILE
done
}
Example Scripts
[edit | edit source]Setting Environment Variable
[edit | edit source] #!/bin/bash
for PROFILE in $(find /home/ -name .bash_profile)
do
if egrep -q '^(export[[:space:]]+)?EDITOR' $PROFILE
then
# User already set an editor, override that
sed -i.orig -r 's/^(export[[:space:]]+)?EDITOR=.*/export EDITOR=nano/' $PROFILE
else
# No previous editor was set
echo "export EDITOR=/usr/bin/nano" >>$PROFILE
fi
done
Setting Aliases
[edit | edit source] #!/bin/bash
for BASHRC in $(find /home/ -name .bashrc)
do
for ALIAS in "alias rm='rm -i'" "alias cp='cp -i'" "alias mv='mv -i'"
do
ALIAS_CMD=$(echo $ALIAS | cut -d= -f1)
if ! egrep -q "^$ALIAS_CMD" $BASHRC
then
echo $ALIAS >>$BASHRC
fi
done
done
Checking MD5s for SUID and SGID Executables
[edit | edit source] #!/bin/bash
# /root/bin or /usr/local/bin would be a good place for this script
# Probably need to run this as root, otherwise many errors will show up about
# permission problems with reading these files.
NOTIFY_EMAIL=user@station.example.com
# Assume (for now) that we already have a /etc/suid.md5 to compare new file to
find / -type f -perm +6000 -exec md5sum {} \; >/etc/suid.md5.new
if diff /etc/suid.md5 /etc/suid.md5.new &>/tmp/suid-check-diff.out
then
echo "No SUIDs have changed"
else
if [ "$1" = "interactive" ]
then
cat /tmp/suid-check-diff.out
echo "Check FAILED! SUID executable(s) have changed!"
read -p "Is this okay? (yes/no) " RESPONSE
if [ "$RESPONSE" = "yes" ]
then
mv /etc/suid.md5.new /etc/suid.md5
fi
else
echo "Check FAILED! SUID executable(s) have changed!" | mail -s "SUID Change" $NOTIFY_EMAIL
fi
fi
Checking URLs for New Content
[edit | edit source] #!/bin/bash
URL_FILE=$HOME/.content-check-urls
URL_DIR=$HOME/.content-check
if ! [ -d $URL_DIR ]; then
mkdir $URL_DIR
fi
if ! [ -f $URL_FILE ]; then
echo "new-content-check: $URL_FILE not found"
exit 1
fi
for URL in $(cat $URL_FILE); do
MD5_FILE=$URL_DIR/$(echo $URL | md5sum | cut -d' ' -f1)
if [ -f $MD5_FILE ]; then
# Looks like we´ve got an old version of this data, gotta check it
links -dump "$URL" | md5sum > $MD5_FILE.new
if ! diff $MD5_FILE $MD5_FILE.new &>/dev/null; then
echo "New content at $URL"
mv -f $MD5_FILE.new $MD5_FILE
else
rm $MD5_FILE.new
fi
else
# No old version, just store the new sum
links -dump "$URL" | md5sum > $MD5_FILE
fi
done
Connecting via ssh using keys
[edit | edit source] #!/bin/bash
SUCCESS=0
WRONG_ARGS=65
if [ $# -ne 2 ]
then
echo "Uso: `basename $0` user host"
echo "Es : `basename $0` myuser host.example.com"
exit $WRONG_ARGS
fi
if [ ! -e "$HOME/.ssh/id_rsa.pub" ];
then
echo "missing rsa key:"
echo "run \"ssh-keygen -t rsa -b 2048\" and try again"
exit $WRONG_ARGS
else
echo rsa public key found
fi
#Creating check file
echo "#!/bin/bash">check.key.sh
echo "if test -n \"\`ls .*|grep ssh\`\"">>check.key.sh
echo " then">>check.key.sh
echo " if test -n \"\`grep \"`cat $HOME/.ssh/id_rsa.pub|cut -d " " -f2`\" .ssh/authorized_keys2\`\"">>check.key.sh
echo " then">>check.key.sh
echo " echo public key found">>check.key.sh
echo " else">>check.key.sh
echo " echo missing public key:">>check.key.sh
echo " echo putting public key on remote keyring">>check.key.sh
echo " cat id_rsa.pub >>.ssh/authorized_keys2">>check.key.sh
echo " fi">>check.key.sh
echo "else">>check.key.sh
echo "echo missind directory .ssh: creating ...">>check.key.sh
echo " mkdir -p .ssh">>check.key.sh
echo " echo creating remote keyring and copying public key ...">>check.key.sh
echo " cp id_rsa.pub .ssh/authorized_keys2">>check.key.sh
echo "fi">>check.key.sh
echo " echo setting keyring permissions ...">>check.key.sh
echo " chmod 600 .ssh/authorized_keys2">>check.key.sh
echo " echo setting directory permissions">>check.key.sh
echo " chmod 700 .ssh">>check.key.sh
echo "echo check key finished">>check.key.sh
echo "echo \"Please run the following to access the host again\"">>check.key.sh
echo "echo ssh $1@$2">>check.key.sh
echo "echo deleting check files ...">>check.key.sh
echo "rm id_rsa.pub">>check.key.sh
echo "rm check.key.sh">>check.key.sh
chmod +x check.key.sh
scp -p ~/.ssh/id_rsa.pub check.key.sh $1@$2:
rm check.key.sh
ssh $1@$2 ./check.key.sh
ssh $1@$2
Awk Scripting
Awk - A Data Driven Programming Language
[edit | edit source]Under Construction
Using Awk at the Command Line
[edit | edit source]Under Construction
Awk Scripts
[edit | edit source]Parsing User Information from passwd
data
[edit | edit source]/usr/local/bin/bash-users.awk
#!/bin/awk -f BEGIN { FS = ":" USER_COUNT = 0 } /:\/bin\/bash$/ { ++USER_COUNT print $1 } END { print USER_COUNT " bash users." }
Usage:
[user@station user]$ getent passwd | bin/bash-users.awk root jkupferer mesa user 4 bash users.
Users, Groups and Authentication
UNIX users and group basics
[edit | edit source]Managing users and groups
[edit | edit source]Managing file permissions
[edit | edit source]Creating groups shares
[edit | edit source]Remote user accounts with NIS
[edit | edit source]Remote user accounts with LDAP
[edit | edit source]
This page or section is an undeveloped draft or outline. You can help to develop the work, or you can ask for assistance in the project room. |
Filesystem Mangement
Partition Management
[edit | edit source]A partition is a place on disk which contains
at the fdisk prompt: n - create a new partition e - create an extended partition p - will print the table
Block Devices
[edit | edit source]Overview of Partitions
[edit | edit source]Using Radified's [1] analogy, a partition is like
Creating a partition
[edit | edit source]Using the fdisk utility
[edit | edit source]"fdisk -l" ---> listed fdisk -l
the Mkfs Command
[edit | edit source]mkfs, then hit the tab key twice gives you a list mkfs -t * which equals mkfs.*
so mkfs.reiserfs equals mkfs -t reiserfs
VFAT filesystem - tends to be used for usb mkfs -b ----> mkfs -t every partition has
4k is what you want -> optimized for speed rat mkfs -f [fragment size] fdisk -> enters the interactive prompt w - write n - new m - manual +100m - creates a partition q - quit the command "q" will quit fdisk. if you exit with "q" rather than "w"
1000 bytes is kb 1024 bytes is a kib "kibibytes"
running the command "cat /proc/partitions" looking at the file /proc/partitions will tell you what block devices the kernel knows about partprobe - speaks to a higher level of the kernel
it is a good idea to check with "partprobe" if the kernel agrees with our partitions
Sysfs filesystem vs. Proc filesystem
[edit | edit source]Inodes
[edit | edit source]Metadata is stored in the inode
we have goto our filesystem formatted
ctime - when was the inode created mtime - when was the inode last modified
ext2 had to make sure it assigns them to the correct filesystem - tune2fs -l /dev/xvda1
dumpe2fs /dev/xvda1 holding
= Mounting the file system
[edit | edit source]if something is to show up on the desktop, then it will show up as mnt
if we "touch /home/share/unmounted"
the command to mount the
every directory has an inode for the current directory ( in the . entry)
dump e2fs will tell us if
Filesystems
[edit | edit source]ext2 and ext3
[edit | edit source]ext3 is the ext2 filesystem with journaling added. Journaling keeps track of what will be written to the disk prior to the write operation beginning. When the write is done, it is noted in the journal. If the system crashes during a write, it can recover the operation when it comes back up. This prevents incomplete writes from occurring on the disk and eliminates the need to do a filesystem check after a system crash.
jfs
[edit | edit source]JFS is a high a performance filesystem made by IBM and ported to Linux in 2001. It uses B+ trees,extents, and a journal to guarantee the consistency of the file system in the event of a crash.
reiserfs
[edit | edit source]Labeling Filesystems and Block Devices
[edit | edit source]Mounting Filesystems
[edit | edit source]The mount
Command
[edit | edit source]/etc/fstab
[edit | edit source]AutoFS - Automounting
[edit | edit source]AutoFS allows the system to automatically mount devices and network shares as they are requested and even unmount them again when no longer in use. The main configuration for the automounter is /etc/auto.master
. Initially, this file will only contain comments, including examples for a /etc/auto.misc
and /etc/auto.net
.
Basics
[edit | edit source]Automounting Home Directories
[edit | edit source]AutoFS Scripts
[edit | edit source]The /net
Example
[edit | edit source]
Working with repositories
Repositories of extra software
[edit | edit source]Fedora Core only includes a core set of packages. For downloading and installing programs or codecs not distributed with Core, there are several repositories available. Packages are generally compatible between third-party repositories, though this has not always been the case.[1] There are also occasional overlaps or packaging errors that cause one package to negatively affect packages distributed from different repositories.
Official repositories
[edit | edit source]Fedora Core, Fedora Extras and Fedora Legacy are official repositories in this project. Fedora Core is maintained by Red Hat. Fedora Extras is maintained by a group of volunteers and affiliated with the official Fedora Project. Fedora Extras is currently included in the base distribution as a default repository and no extra configuration is required to enable it. Fedora Legacy repository is also included in Fedora Core 5 and above versions but it is not enabled by default.
Unofficial repositories
[edit | edit source]These repositories are designed to be compatible with Fedora Core although they may not be compatible with each other. Some of the repositories have discontinued active support for earlier versions of Fedora Core but keep the repositories around for the convenience of users with previous versions.
- Livna, a third-party repository maintained by a group of packagers, supporting Fedora Core 5 through 14 (as of June 2010). Since it merged in 2008 with two other package repositories into RPM Fusion, it contains just the libdvdcss-1.2.10-1 package.
- RPMforge, containing the packages of Matthias Saou, Dag Wieers and Dries that were previously available in three different repositories, supporting Fedora Core 1 through 5.[4] RPMforge is compatible with Fedora Extras, similar to Livna.[5]
- FreshRPMS, maintained by Matthias Saou, supporting Fedora Core 1 through 6
- Dag, maintained by Dag Wieers, supporting Fedora Core 1 through 3
- Dries, maintained by Dries Verachtert, supporting Fedora Core 1 through 6
- PlanetCCRMA, maintained by Fernando Lopez-Lezcano, supporting Fedora Core 1 through 5
- kde-redhat, Excellent source for KDE support in Fedora Core maintained by a group of packagers that support Fedora Core. Has updated KDE desktop RPMS, general KDE applications such as Bluetooth support.
- The Grey Sector, containing mostly MPlayer related packages and binary packaged codecs (which have some legal issues). The repository is maintained by the MPlayer developer.
- fedora-xgl, containing packages required to enable Xgl on Fedora.
- dribble, containing packages with a focus on fun software (multimedia, games, emulators). It is recommended that this repository be used with Livna.
- ATrpms, maintained by Axel Thimm and supporting Fedora Core 1 through 6.
- Updates base packages ahead of Core. Some administrators consider it a bad idea to update base packages outside of their official channel.
- ATrpms is also used extensively by Fedora Myth(TV)ology - a popular how-to resource for installing MythTV on Fedora Core, maintained by Jarod Wilson.
Legal status
[edit | edit source]Fedora Core, Fedora Extras and Fedora Legacy projects follow the same packaging guidelines in the Fedora project, and they all only maintain packages that are Free, open source software and legally distributable anywhere in the world. Other repositories may have different policies. For example, the Livna project maintains packages that may have legal issues within the United States or can be downloaded only by the end user.
Some repositories also maintain "source-only" packages that require the user to download pre-built binaries that may not be available to the public. The package script then unpacks and repacks the binaries in a format more suitable for deployment on RPM-based systems.
Software update utilities
[edit | edit source]The main tool to install software from repositories is the command yum. A graphical tool called pirut (available in the upper menu bar with the name "Package Manager") is, together with the update program pup ("Package Update"), part of the standard installation since Fedora Core 5. Since FC6, a new mechanism for updates was added, based on a daemon called yum-updatesd that scans the repositories, and a notification applet called puplet that notifies the user about the new updates.
In addition to these standard tools, two graphical alternatives - Yumex [9] and Synaptic - are also available, in Extras. There is also Kyum, which provides a graphical frontend for KDE users.
By default, Fedora Core downloads software (including updates) from a randomly-selected mirror. It is possible to install directly from the Fedora Core CDs or DVD, but this requires changes to yum's configuration files (See off-line repositories below). Altering the configuration in this way is also useful when setting up a local mirror (for example on a company intranet), so that downloads can be obtained from there without having to access a mirror on the Internet.
Up until Fedora Core 4, maintainers of some of the extra repositories advocated the use of apt-rpm for update management - being written in C, it uses fewer CPU cycles and is therefore suitable for older computers with slower processors. For Fedora Core 5, a new version of apt is included in Extras which is capable of using native yum metadata and is multi-lib capable. [6]
Another useful tool to work with repositories is Fedora Helper [10]. It installs and configures the "missing codecs" - MP3 support, for example. It uses the rpm.livna.org repository. Another tool that helps when using different repositories together is Fedora Frog.[11]
Off-line repositories
[edit | edit source]If a machine needs to be updated that is not connected to the network, a repository can be created and updated from there. To create such a portable repository do [7]:
- make the directories ./yum, ./yum/base and ./yum/updates. (if you want your local apache to serve as repository of your intranet, do it inside /var/www/html)
- copy all RPMs of your distribution inside ./base
- create the headers of the packets with the command createrepo ./base (use /var/www/html/yum/base if you did set it for Apache)
- download the updates. To do that, look for a real mirror (there is a list of them here [8]) and rsync with it to pick up changes (they will be stored in the ./updates repository). To rsync use the command
rsync -avrt rsync://repository --exclude=debug/ /your-path/yum/updates
To use the off-line repository from a computer you only have to include in the /etc/yum/repos.d directory an entry (a *.repo file like the others already in /etc/yum/repos.d) specifying the path to the repository. You can use ftp, http or a mounted filesystem. In the latter case the repository path should start with "file://".
References
[edit | edit source]- ↑ FreshRPMs mailing list: (non-)compatibility of repositories
- ↑ Livna's maintainers have a policy to not work together with other 3rd party repositories or at least they had this policy when Fedora Extras was Fedora.us
- ↑ Matthias Saou explains the compatibility issues between FreshRPMs and Livna
- ↑ FreshRPMS, PlanetCCRMA, Dries and DAG (RPMforge.net) build their packages together from the same sources. This ensures much greater cooperation and compatibility and will eventually lead to a merger.
- ↑ "RPMforge: Frequently Asked Questions". Retrieved 2006-07-28.