Module 1 - Linux Fundamentals


Lesson 1: Introduction to Linux and distributions

Introduction to Linux
Lesson 1 Outline

In this Lesson we will learn about:



What is Linux?


Linux Distribution


Architecture of Linux

How Linux is licensed

How Linux differs from Windows

Advantages of Linux

Redhat, Oracle Linux, and Ubuntu comparison
What is Linux?

What is Linux?
LINUX is an operating system or a kernel distributed under an
open-source license.
The kernel is a program at the heart of the Linux operating system that
takes care of fundamental stuff, like letting hardware communicate with
software.
What is Linux?(continued)
Linux Distributions
Architecture of Linux
Architecture of Linux (continued)
How Linux is licensed
How Linux differs from Windows
Advantages of Linux
Advantages of Linux (continued)
Ubuntu vs RHEL/Oracle Linux
Ubuntu vs RHEL/Oracle Linux(continued)
Lesson 2: Linux Installation and Configuration

Oracle Linux and Ubuntu Installation


Oracle Linux and RHEL 9.2 Requirements x86_64

Minimum system requirements



1.5 GB RAM

10 GB unallocated disk space

Recommended system requirements



4 GB RAM

20 GB unallocated disk space
RHEL 9.2/Oracle Linux Supported architecture

Minimum system requirements



AMD and Intel 64-bit architectures

The 64-bit ARM architecture

IBM Power Systems
Installation

Ubuntu Installation
Installation
Lesson 3: Linux File system hierarchy

Linux File system hierarchy


The file system hierarchy


The file system
hierarchy
The file system
File types
File names
The file system hierarchy standard
The root directory and root partition
/bin, /boot, /dev, /etc directories
/home, /lib, /opt, /proc directories
/root, /sbin, /srv, /tmp directories
The /usr hierarchy
/var
Mount points
The file system
File types
File types (continued)
File types (continued)
File Names
The root directory and root partition
The File system hierarchy standard
The File system hierarchy standard
Root directory: / and /bin directory
/boot, /dev, /etc
/home, /lib, /media
/mnt, /opt, /sbin
/srv, /tmp, /usr
/proc
Mount Points
Pre-defined mount points
File system hierarchy quiz
Lesson 4: Connection

Connection
Secure Communication
Secure Communication


Communicating between servers in a secure way, and

Secure Shell (SSH) is the common solution

The secure shell or ssh is a collection of tools using a secure protocol for
communications with remote Linux computers

The ssh protocol is secure in two ways. Firstly, the connection is
encrypted, and secondly, the connection is authenticated both ways. By
default the server listens on port 22
SSH


SSH is a server/client protocol offering
– sshd as the server and the ssh and scp commands as the client.
– The client connects to the server, they establish an encrypted session


The implementation of SSH used on Linux systems is OpenSSH.

SSH provides security by using secret keys generated in two ways:
– RSA (Rivest, Shamir, Adleman) – proprietary algorithm, default
– DSA (Digital Signature Algorithm) – open algorithm
Transfer or receive files

Note: For file transfers between Windows and Linux, WinSCP or FileZilla
provide versatile solutions for uploads and downloads in both directions.

When copying files within Linux servers, the SCP command is the go-to tool.
Here's an example of using SCP to copy a file:

# scp /path/to/local/file username@remote_server:/path/to/destination/


Start sshd


Package name openssh-server* & openssh-clients* for
server and client respectively.
# apt-get install openssh-server

Configuration file is /etc/ssh/sshd_config
● To show sshd status use the following command:
# systemctl status sshd
● To start sshd use the following command:
# systemctl start sshd

To enable the service at boot time use command:
# systemctl enable ssh

To restart the SSH server use the following command:
# systemctl restart ssh
Create ssh key pair


key pair file stored in directory /etc/ssh/

To generate key pairs
# ssh-keygen

To list private key
# ls -l /etc/ssh/ssh_host_rsa_key

To list public key
# ls -l /etc/ssh/ssh_host_rsa_key.pub

To log in over ssh to localhost without a password prompt:
# ssh-copy-id localhost
Note
To reverse the above, regenerate the ssh key pair so that it
overwrites the existing one
ssh client
● The ssh command is used to open secure shell sessions with a server
# ssh [options] username@hostaddress [command]
– Can also be used to copy files or tunnel other data
– See man ssh for options

To enable root user ssh login:
# vi /etc/ssh/sshd_config
PermitRootLogin yes

$ ssh lpiuser@192.168.1.1
lpiuser@192.168.1.1's password:
$ ls
bin
boot
dev
etc
home
lib
lib64
lost+found
media
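
The check below is an added example, not part of the original course material: it reads an sshd_config-style file and reports the effective PermitRootLogin and PasswordAuthentication values, since a later line does not override an earlier one. The function names and both sample files are constructed for illustration; on a live host, sshd -T prints the configuration the server actually uses.

```sh
#!/bin/sh
# Added example, not from the course slides. Function names and the two
# sample files are constructed for illustration.

# effective_value FILE KEYWORD
# Print the value sshd would take for KEYWORD from the global section of FILE:
#  - keywords are case-insensitive
#  - lines whose first non-blank character is '#' are comments
#  - both "Keyword value" and "Keyword=value" are accepted
#  - the first occurrence wins; later duplicates are ignored
#  - reading stops at the first Match block, whose settings are conditional
# Include directives are not followed in this sketch.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/              { next }
                                { sub(/[ \t]*=[ \t]*/, " ") }
        NF == 0                 { next }
        tolower($1) == "match"  { exit }
        tolower($1) == want     { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE
# Print one finding per line. Unset keywords fall back to the upstream
# OpenSSH defaults: PermitRootLogin prohibit-password, PasswordAuthentication yes.
audit_sshd_config() {
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    root=${root:-prohibit-password}
    pass=${pass:-yes}

    case "$root" in
        yes) echo "FAIL PermitRootLogin=yes: direct root login is allowed" ;;
        no)  echo "OK   PermitRootLogin=no" ;;
        prohibit-password|without-password|forced-commands-only)
             echo "OK   PermitRootLogin=$root: root cannot log in with a password" ;;
        *)   echo "WARN PermitRootLogin=$root: unrecognised value" ;;
    esac
    case "$pass" in
        no)  echo "OK   PasswordAuthentication=no" ;;
        *)   echo "WARN PasswordAuthentication=$pass: password logins are not disabled" ;;
    esac
}

# Constructed sample: the setting from the slide, followed by a later
# duplicate that has no effect because the first value wins.
write_weak_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's configuration
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# the next line is ignored: PermitRootLogin was already set above
PermitRootLogin no
EOF
}

# Constructed sample: hardened global section, mixed keyword case and
# "Keyword=value" syntax, plus a Match block that must not be read as global.
write_hardened_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's configuration
Port 22
permitrootlogin no
PasswordAuthentication=no
Match Address 192.168.1.0/24
    PasswordAuthentication yes
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_weak_sample "$tmp/weak"
    write_hardened_sample "$tmp/hardened"
    echo "== weak sample =="
    audit_sshd_config "$tmp/weak"
    echo "== hardened sample =="
    audit_sshd_config "$tmp/hardened"
    rm -rf "$tmp"
}
demo
```

To check a real server, pass it the path from the slide: audit_sshd_config /etc/ssh/sshd_config.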
scp client


scp is used to copy files over ssh.

Scp command transfers files from a remote host to the local system
or from the local system to a remote host.

It utilizes the ssh server for authentication and encrypted data
transfer.
scp user@host:path/file user2@host2:path/file2
– user@host may be omitted for local files, path is relative to $HOME


Example
$ scp root@192.168.1.1:/var/www/html/LPI /Users/Macbook/Shopping
scp(secure copy)

Example1:

Here we copy the /etc/hosts file from the remote server to
the home directory of lpiuser
[root@server02]# scp root@192.168.1.1:/etc/hosts /home/lpiuser/serverhosts
Example2:

Here is an example of the reverse, copying a local file to a
remote server.
[root@server02]# scp /home/lpiuser/serverhosts root@192.168.1.1:/etc/hosts.new
Synchronize files and folders with rsync


The rsync tool is used to securely copy files from one system to
another. It differs from scp in that if two files or directories
are similar between two systems, rsync only needs to
copy the differences between the systems, while scp copies
everything.

Two most common options
– -a archive mode
– -v verbose
# rsync option source destination

Example:
content of /var/log is synchronized into /tmp
[root@server02]# rsync -av /var/log /tmp
Exercise


ssh into your ssh server.

scp /etc/hostname from your ssh server into your ssh
client.
Lesson 5: Basic Linux Commands

Basic Linux Commands


Lesson 5: Outline


In this lesson we will learn how to:
– Work on the command line
– Process text streams using filters
– Perform basic file management
– Use streams, pipes and redirects
Basic use of the shell


Basic use of the shell
Simple commands

Command options

Command arguments

Command history

Absolute and relative pathnames

File name completion


Logging in


After booting, a desktop system will usually present a graphical login
dialog

Enter your login name and password (both are case sensitive)

Systems (e.g. servers) which do not run a graphical desktop will
present a command line login

Enter login name and password

A 'shell' (command interpreter) is started

Our machines are currently configured for a command line login

We will reconfigure them to use a graphical login and GNOME desktop
later

Please log in now:
● Log in as the user 'your user name'
● Supply the password 'Password' Do now!
Logging out


To logout from a command-line environment:

Enter the “end of file” character (usually ^D)
● Or type the command exit

Please:

Log out
Do now!

Log back in again
The shell


The 'shell' is the Linux command interpreter


The shell operates in a command processing loop:

Displays a 'prompt' and reads a command line

Performs various substitutions and expansions on the command line

Executes the resulting command and waits for it to finish

Loops back and prompts for another command


Several shells have been written for UNIX and Linux
● Bourne shell (sh), Korn Shell, C Shell, Bourne Again Shell (bash)

The core feature set of all these shells is very similar
● We will focus on bash, the most popular shell on Linux
Simple commands


Try these simple commands: Do now!
$ hostname
snowhite                          (Reports the name of this machine)
$ date
Mon Mar 25 11:48:33 EAT 2024
$ id
uid=1001(lpiuser) gid=1001(lpiuser) groups=1001(lpiuser)
$ hostnamectl
$ cal
March 2024
Su Mo Tu We Th Fr Sa
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30
Command options


Command options modify the behaviour of a command
– Usually, an option is a single letter prefixed by '-'
$ cal -y
... calendar for the entire year ...
$ date -I                         (Options are case sensitive)
2024-03-25                        (The date in ISO format)


Some commands also have 'long' options
– Begin with '--'
– Supplement or replace the traditional single character options
$ date --iso-8601                 (Same as '-I')
2024-04-16
Command arguments


Most commands accept arguments
– The command name, options, and arguments are separated by
whitespace (spaces and tabs)
– Arguments are often the names of files or directories on which to operate
$ cal 2024
... calendar for the year 2024 ...
$ ls /home                        (ls lists the contents of the specified directory /home)
chris dilbert tux

Options and arguments are often used together:
$ ls -l /home                     (The -l option requests a 'long' listing)
total 6
drwxr-xr-x 66 chris users 3328 2004-04-16 11:48 chris
drwxr-xr-x 17 dilbert users 1112 2004-02-09 11:52 dilbert
drwxr-xr-x 18 tux users 1240 2004-03-30 20:29 tux
Command history

● bash remembers the most recent commands you've entered


– stored in the file .bash_history in your home directory
– survives across logout / login, shared by all instances of bash
– size of history file is configurable
● The history command shows your command history
history shows your entire command history
history 10 shows the last ten commands
history -c clears your command history


Previous commands can be selected and re-executed
!85 re-execute command 85
!string re-execute most recent command that began with string
!! re-execute last command
Command history (continued)


You can also edit your command history on screen.
– The following keys are used:

Up arrow scroll back through history
Down arrow scroll forward through history
Left arrow move left along line
Right arrow move right along line


string insert text string into line
<DEL> delete character
<ENTER> execute the command
Command history (continued)


To provide you with a command history, execute the following
commands:
$ pwd                             Do now!
$ hostname
$ cal -y
$ date
$ id
$ cat /etc/hosts.allow
$ cat /etc/fstab

● Recall your command history with the history command


● Recall the date command by command number
● Recall the most recent command beginning with 'ho'
● Using the arrow keys, recall the 'ls' command, changing the file
name from hosts.allow to hosts.deny
Absolute path names

[Figure: directory tree rooted at / (root) with the top-level directories root, home and etc; the tree includes /etc/hosts.allow, /home/tux/code/main.c, /home/tux/reports/July_Conf, /home/lpiuser/Documents/Shopping and /home/lpiuser/Desktop/paris]
Absolute path names (continued)


The Linux file system is organized in a tree structure

The top level directory of the tree is called the root directory and is
named '/'

A file or directory can be referenced using an absolute pathname
– Starts with a '/'
– Traces a path from the root of the tree to the file
– Uses '/' (forward slash) to separate components of the pathname

Examples:
/etc/hosts.allow
/home/lpiuser
/home/lpiuser/Desktop/config.sh
/home/lpiuser/Documents/sample.log
Relative path names


Pathnames not beginning with '/' are relative to the current directory
● Examples (assuming /home/lpiuser is the current directory):
Desktop
Documents
● Every directory has a special entry named '..' which references the
parent directory
– The directory immediately above it in the tree
● Use relative pathnames beginning with '..' to move outside the
current directory
● Examples (assuming /home/tux/code is the current directory):
../reports/July_Conf
../../lpiuser/Desktop/paris
File name completion


When entering a command, bash will perform filename completion
– Press the TAB key
– bash will complete as much of the name as is unambiguous, based on the
name completed so far and the names of the existing files
– Less typing, less chance for typing mistakes
– If there are several possible matches, [TAB] [TAB] will show them all

Example ([T] denotes the TAB key)
$ ls -l /h[T]/t[T]/re[T]/Ju[T] ... completes to:
$ ls -l /home/tux/reports/July_Conf

Using file name completion to minimize typing, do a long directory
listing (ls -l) on these files:
Do now!
/home/lpiuser/Documents/Shopping
/home/tux/code/main.c
/boot/vmlinuz.config
Exercise


List the files in your home directory
– Using absolute path name
– Using relative path name


Show the content of the Shopping file you downloaded from server
– Using absolute path name
– Using relative path name
Filter programs


Filter programs

Six useful commands

Standard input and output

Redirecting standard output

Redirecting standard error

Filter programs

Redirecting standard input

Using programs in combination

Pipelines
Six useful commands


There are hundreds of command line tools for Linux. There are only
about 30 that you need to know to be proficient at the command line
– We have already met date, id, ls, touch, chmod and chown

In this section we'll meet another six useful commands:
– less Browse text files
– grep Search for patterns in files
– wc Count characters, words, lines in a file
– head Display the beginning of a file
– tail Display the end of a file
– sort Sort the contents of a file

Individually, each command does a fairly simple job
– Much of the power of the Linux command line comes from using tools in
combination
Browsing text files with less

● The program less (an extension of an earlier program called more)
provides a simple way to display a text file
● less is an interactive program and waits for you to enter a command
– Bidirectional scrolling
– Searching
Examples: $ less /var/log/messages
Command Meaning
SPACE Scroll forward one screen
b Scroll backward one screen
Down arrow Scroll forward one line
Up arrow Scroll backward one line
/string Search forward for string
?string Search backward for string
n Repeat previous search
5G Go to line 5
h Display help screen
q Quit (back to command prompt)
Browsing text files with less (continued)


Use less to browse the file /etc/profile Do now!
– Use the down arrow key and/or the SPACE bar to
browse through the file
– Return to the beginning of the file (i.e. go to line 1)
– Search forward for the string 'USER'
– Repeatedly search forward for further occurrences of the string
– How many times does the string appear in the file? _______________
– Display the help screen
– Quit from less back to the shell prompt
Searching for patterns with grep

● The program grep searches one or more text files for lines that
match a specified pattern. At its simplest, it is used like this
$ grep 'string' file1 file2 ...
– Lines in the file(s) that contain a match for the string are displayed
– Note: putting the string inside single quotes is not always necessary but is
good practice, for reasons we will examine in chapter 8

Examples:
$ grep 'CPU' /var/log/messages
$ grep 'error' /var/log/messages
$ grep 'lpiuser' /etc/passwd
lpiuser:x:501:501::/home/lpiuser:/bin/bash
$ grep 'Clothes' Shopping
Supermarket 50 Clothespegs 1.25
Clothes 1 Trousers 24.99
Clothes 6 Socks 9.00
Clothes 2 Skirt 28.00
Options for grep

● Command line arguments for grep include:

Option Meaning
-r Recursive: search all files in and below a given directory
-i Ignore upper / lower case distinctions
-l Show only the names of files that contain a match; not the matching lines
-v Display lines that do not contain a match for the pattern
-Cn Show n lines of context before and after each matching line
-An Show n lines of context after each matching line
-Bn Show n lines of context before each matching line
Anchoring the search

● The string that grep looks for is called a regular expression


– Can contain special characters that match specific patterns in the text
– Not covered in depth in this course

The characters '^' and '$' anchor the search to the beginning and end
of the line respectively
● $ grep 'Clothes' shopping
Supermarket 50 Clothespegs 1.25
Clothes 1 Trousers 24.99
Clothes 6 Socks 9.00
Clothes 2 Skirt 28.00

● $ grep '^Clothes' shopping


Clothes 1 Trousers 24.99
Clothes 6 Socks 9.00
Clothes 2 Skirt 28.00
Counting characters, words and lines with wc

● The command wc counts lines, words and characters in its input files
$ wc /etc/passwd shopping
29 64 1510 /etc/passwd
15 56 491 shopping
44 120 2001 total

Command line options include:

Option Meaning
-l Show only the line count
-w Show only the word count
-c Show only the character count
Displaying the start of a file with head

● The head command displays the beginning of one or more files


$ head -N file1 file2 ...
– Displays the first N lines of each file (default = 10 lines)

Example:
$ wc shopping
12 48 300 shopping                (The file shopping has 12 lines)

$ head -4 shopping                (Here are the first 4)
Supermarket 1 Chicken 4.55
Supermarket 50 Clothespegs 1.25
Bakers 3 Bread 2.40
DIY 1 Hosepipe 15.00
Displaying the end of a file with tail

● The tail command displays the end of a file


$ tail -N file1 file2 ...
– Displays the last N lines of each file (default = 10 lines)
● Example: the last line of the passwd file:
$ tail -1 /etc/passwd
tux:x:504:100:Tux Penguin:/home/tux:/bin/bash
● The -f option causes tail to wait after reaching the end of the file
– Any text subsequently appended to the file is displayed
– Very useful for monitoring the growth of log files
Sorting a file with sort

● The sort command sorts its input line by line


– By default, does alphanumeric sort on entire line

Command line options include:

Option Meaning
-f Ignore upper/lower case distinction
-n Numeric sort
-r Reverse sort
-k N Sort on field N (first field is 1)
Example of using sort

$ sort -n -r -k 4 shopping        (Reverse numeric sort on fourth field)
Clothes 2 Skirt 28.00
Clothes 1 Trousers 24.99
DIY 1 Hosepipe 15.00
DIY 20 Sandpaper 10.00
Clothes 6 Socks 9.00
DIY 2 Doorknob 8.40
Bakers 2 Quiche 6.50
Supermarket 1 Chicken 4.55
Bakers 3 Bread 2.40
DIY 2 Screwdriver 2.00
Bakers 10 Muffin 1.95
Supermarket 2 Milk 1.25
Supermarket 50 Clothespegs 1.25
DIY 50 Nails 0.95
More sort examples for you to try


Try the following commands; make sure you
understand the results
Do now!
$ sort shopping
$ sort -r shopping
$ sort -k 3 shopping
$ sort -k 2 shopping
$ sort -n -k 2 shopping
$ sort -n -r -k 2 shopping

Most commands allow you to combine multiple options, e.g.
$ sort -nr -k 2 shopping
$ sort -nrk 2 shopping
# nl shopping --- to number the lines of the file.
Standard input and standard output


Every program started from the command line has three standard
streams:
– Stream 0: Standard input (stdin): from the keyboard by default
– Stream 1: Standard output (stdout): to the terminal by default
– Stream 2: Standard error (stderr): to the terminal by default

[Figure: any Linux program with Standard Input (0), Standard Output (1) and Standard Error (2)]
Redirecting standard output


The “normal” output from a program is written to standard output

The shell can be told to redirect standard output to a file
$ date > myfile
$ ls /opt > myfile                (Beware! myfile will be overwritten if it exists)
$ ls /boot >> myfile              (The output is appended to the file)

[Figure: any Linux program with Standard Input (0) and Standard Error (2); Standard Output (1) is redirected to myfile]
Redirecting standard error


Error messages are written to the standard error stream
– The notation 2> redirects standard error

$ ls /opt /test > mylist
/bin/ls: /test: No such file or directory
$ ls /opt /test > mylist 2> myerrors
$ cat myerrors
/bin/ls: /test: No such file or directory
$ ls /opt /test 2>> myerrors      (The error is appended to the file)

[Figure: ls with Standard Input (0); Standard Output (1) goes to mylist and Standard Error (2) goes to myerrors]
Combining standard error with standard output

● The notation '2>&1' says 'send output stream 2 (standard error) to
wherever output stream 1 (standard output) is going'

$ ls /opt /test > mylist 2>&1
$ cat mylist
/bin/ls: /test: No such file or directory
/opt:
gnome
kde3
mozilla

[Figure: ls with Standard Input (0); Standard Output (1) and Standard Error (2) both go to mylist]
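
The script below is an added example, not part of the original slides: it runs the redirection forms from the last two slides and shows where each stream lands, and it goes one step further by showing that the position of 2>&1 matters. The function emit and the other function names are constructed stand-ins so the result does not depend on what /opt or /test contain on your machine.

```sh
#!/bin/sh
# Added example, not from the course slides. All function names are
# constructed for illustration.

# emit writes one line to standard output and one to standard error,
# standing in for "ls /opt /test" (one directory exists, one does not).
emit() {
    echo "listing of /opt"
    echo "/test: No such file or directory" >&2
}

# Each function runs emit inside directory $1 with one redirection form
# and leaves the resulting files there.

# stdout to mylist, stderr to myerrors
split_streams() { ( cd "$1" && emit > mylist 2> myerrors ); }

# stdout to mylist, then stderr to wherever stdout now goes: both in mylist
merged_streams() { ( cd "$1" && emit > mylist 2>&1 ); }

# Redirections are processed left to right. Here 2>&1 is applied while
# stdout still points at the terminal (or the caller's pipe), and only
# afterwards is stdout moved to mylist. The error line never reaches the
# file, which is a common reason why a log is missing its error messages.
wrong_order() { ( cd "$1" && emit 2>&1 > mylist ); }

# count_lines FILE prints the number of lines in FILE
count_lines() { wc -l < "$1" | tr -d ' '; }

demo_dir=$(mktemp -d)

split_streams "$demo_dir"
echo "split:  mylist=$(count_lines "$demo_dir/mylist") line(s), myerrors=$(count_lines "$demo_dir/myerrors") line(s)"

merged_streams "$demo_dir"
echo "merged: mylist=$(count_lines "$demo_dir/mylist") line(s)"

escaped=$(wrong_order "$demo_dir")
echo "wrong order: mylist=$(count_lines "$demo_dir/mylist") line(s), escaped to caller: $escaped"

rm -rf "$demo_dir"
```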
Filter programs

● Programs such as grep, wc, head, tail and sort read their
standard input if they are not given a filename argument

Programs that read standard input, process it, and write the result to
standard output are called filters

$ sort                            (Since no file name is given, sort reads from standard input (the keyboard))
apple
orange
banana
^D                                (The user enters ^D to signify the end of input)
apple
banana
orange                            (The sorted output is written to standard output)
Translate characters from input streams


The notation '<' redirects a program's standard input
● This example shows another filter, tr, performing lower to upper
case conversion
$ tr a-z A-Z                      (Here, standard input comes from the keyboard; used ^D to terminate)
Hello World
HELLO WORLD
$ tr a-z A-Z < /etc/motd          (Standard input comes from a file)
WELCOME TO FIRST TECHNOLOGY TRANSFER


Standard input and standard output can both be redirected
$ tr a-z A-Z < /etc/motd > outfile
$ cat outfile
WELCOME TO FIRST TECHNOLOGY TRANSFER
Using programs in combination


The output of one program may be used as input to another
– An intermediate temporary file is one way to do this

$ grep DIY shopping > temp        (Get list of all DIY items)
$ sort -n -k 4 < temp             (List sorted on price)
DIY 50 Nails 0.95
DIY 2 Screwdriver 2.00
DIY 2 Doorknob 8.40
DIY 20 Sandpaper 10.00
DIY 1 Hosepipe 15.00
Pipelines


A pipe connects the standard output of one program directly to the
standard input of another
– The two programs are run concurrently
$ grep DIY shopping | sort -n -k 4
Do now!

[Figure: pipeline in which grep reads the file shopping and its Standard Output (1) is connected to the Standard Input (0) of sort; each program also has its own Standard Error (2)]
More pipeline examples


How many items in the shopping list are from the Baker's?
$ grep Bakers shopping | wc -l
● Do a long listing of /etc, browse the output through less
$ ls -l /etc | less

Find the most expensive item in the shopping list
$ sort -n -r -k 4 shopping | head -1
● How many files in /lib are actually directories?
$ ls -l /usr/lib | grep '^d' | wc -l
Exercise: Using filters

● Display the first 10 lines of the file /etc/profile


– Hint: use filename completion to reduce typing

Display the first 20 lines of the same file
– Hint: use command history to reduce typing

Show the last line (only) of the same file
● Search /etc/profile for the string HOSTNAME
– Hint: use grep

Redo the search, but ignore upper/lower case distinctions – i.e.
search for hostname, HOSTNAME, etc
● (Harder) Display all lines in /etc/sudoers that are not comments (i.e.
do not start with a '#')
Exercise: I/O Redirection and pipelines

● Create a file called stuff1 containing a long listing of the files in /etc
– Hint: Redirect standard output
● Search stuff1 for lines containing the string “rw-r-----”, putting
the output in a file called stuff2
● Count the number of lines in stuff2
– Don't count them yourself, make the computer do it!

Create a pipeline (no intermediate files) that displays a count of the
number of files in /etc that have access mode “rw-r-----”
● Create a file called stuff3 which contains, in order:
– The current date and time
– A calendar for the current year
– The hostname of your machine, converted to upper case
– Hint: append standard output to the file
Exercise: I/O Redirection and pipelines (contd)


Bonus Exercises:

Using a pipeline, display the line that describes the most expensive
DIY item in the shopping list file
● Run the command ps aux and examine the output. It gives a list of
all processes running on the computer. You're not expected to
understand all of this output, but note that the first field shows the
owner and the fifth field shows how much memory the process is
using

Using pipelines, devise commands to answer the following:
– 1. How many processes are there altogether?
– 2. How many processes are owned by root?
– 3. How many processes are not owned by root?
– 4. Which of root's processes is using the most memory? (Your pipeline
should just display the line describing this process)
Managing files


Managing files

The current directory


Creating and deleting directories
Listing directory contents
Copying files
Renaming files
Deleting files
Updating files
Links and the inode table
Creating links to a file
File and directory permissions
revisited
Setting and querying the current directory


Every process (including the shell) has a current directory
– Where it will look for relative path names
– The cd command changes the current directory.
– The pwd command displays the name of the current directory
$ cd                              (cd with no arguments takes you to your home directory)
$ pwd
/home/tux
$ cd pics                         (Descend into a subdirectory)
$ pwd
/home/tux/pics
$ cd /etc                         (Change directory using an absolute pathname)
$ pwd
/etc
$ cd -                            ('-' takes you back to your previous directory)
/home/tux/pics
$ cd ..                           ('..' takes you up one level)
$ pwd
/home/tux
Creating and deleting directories

● The mkdir command creates new directories


– -p option creates additional directories, if required, along the path
● The rmdir command deletes directories
– Only if they are empty

$ mkdir proposals/january
mkdir: cannot create directory `proposals/january': No such file or directory
$ mkdir -p proposals/january
$ rmdir proposals
rmdir: `proposals': Directory not empty
$ rmdir proposals/january
$ rmdir proposals
$
Listing directory contents with the ls command

● The ls command lists files in a directory


– If a directory name is given, the contents of the directory are shown
– With no arguments, the current directory is listed
● ls has many options. Here are a few:

Option Meaning
None Display filenames only, in a multi-column listing
-l Display a 'long' listing, including file type, permissions, modification time, and size, in addition to the name
-a Display 'hidden' files (ones whose names begin with a '.')
-F After each name, append a character to indicate the file type: '/' indicates a directory, '*' indicates an executable file, '@' indicates a symbolic link
-i Display inode numbers (discussed later)
-t Sort by time of last alteration (by default, sort is alphabetic on file name)
-u Sort by time of last access
-R Recursive: descend into any subdirectories
-d When listing a directory, list just the directory entry, not the contents
Hidden files


Files whose names begin with a '.' are “hidden”
– They do not show up on a normal directory listing
– Most of them are configuration and startup files, for example:
– .bash_history: Where the bash shell stores its command history
– .xinitrc: Startup file for the X window system
– .bashrc: Startup file for the bash shell
– .profile: Startup file for all shells
● Use ls -a to show hidden files
Copying files with the cp command


The cp command copies files
$ cp file1 file2
– This form makes a copy of file1 under the name file2
$ cp file1 file2 ... dir
– This form makes copies of file1 file2 ... in (existing) directory dir

Beware: the destination files will be replaced if they already exist

Options include:
Option Meaning
-i Interactive mode: ask for confirmation before replacing an existing file
-u If the destination file already exists, perform the operation only if the source file is newer than the destination file
-l Create links instead of making copies
-s Create symbolic links instead of making copies
-r, -R Copy directories recursively
Renaming files with the mv command

● The mv command renames or moves files


$ mv file1 file2
This form renames file1 as file2.
$ mv file1 file2 ... dir
This form moves file1 file2 ... into (existing) directory dir

Beware: the destination files will be replaced if they already exist

Options include:

Option Meaning
-i Interactive mode: ask for confirmation before replacing an existing file
-u If the destination file already exists, perform the operation only if the source file is newer than the destination file
Deleting files with the rm command

● The rm command deletes files


$ rm file1 file2 ...

Beware: there is no 'undelete' command!

Options include:

Option Meaning
-i Interactive mode: ask for confirmation before deleting
-f Normally rm will prompt for confirmation before deleting a file on which you do not have write permission. The -f flag suppresses this prompt and forces rm to delete the file
-r Recursive mode: delete all subdirectories and contents (Use with caution!)
Updating files with the touch command

● The command touch updates the access and modification
timestamps on a file to the current time
– Makes it appear that the file has just been modified
– If the file does not exist it is created with zero length
$ touch file1 file2 ...
● Options for touch include:

Option Meaning
-a Update only the access timestamp
-m Update only the modification timestamp
-r file Update the timestamps to match those of file, not the current time
-t time Update the timestamps to the specified time, in the format [[CC]YY]MMDDhhmm[.ss]
Links and the inode table

The filesystem associates a structure called an inode with each file

– Contains file's attributes and pointers to the actual data blocks


– space for inodes (inode table) is pre-allocated when file system created

An inode (index node) is a data structure in a file system that stores metadata about a file or
directory. Each file or directory in Linux is associated with an inode, which holds information such
as file size, permissions, timestamps, ownership, and the location of the file's data blocks on the
disk.
A link associates a name with an inode number. A directory
contains a list of links.

[Figure: Directory /home/tux with Name/inum entries . 55, .. 93 (link to parent), stuff 7 and shopping 10, pointing into the inode table (entries 1 to 13); the inode of a file holds Type = regular file, Owner = tux, Group = student, Mode = rw-r--r--, Time last accessed, Time last modified and Pointers to data blocks]
Creating links to a file with ln


Creating additional links to a file allows the file to be referenced by
more than one name
● General form of ln command is:
$ ln existing_name new_name

Example:
$ cd /home/dilbert
$ ln ../tux/shopping mylist

The system keeps count (in the inode) of the number of
links. When the last link is removed, the inode and the
data blocks are freed.

[Figure: Directory /home/tux (. 55, .. 93, foo 7, shopping 10) and Directory /home/dilbert (. 1236, .. 93, bar 12, mylist 10) both pointing into the inode table (entries 1 to 13); shopping and mylist refer to the same inode, 10]
Familiarizing with links

● The -i option to ls shows the inode numbers


$ ls -li
total 4
190116 -rw-r--r-- 1 tux users 491 2004-04-19 11:22 shopping
$ ln shopping mylist
$ ls -li
total 8
190116 -rw-r--r-- 2 tux users 491 2004-04-19 11:22 mylist
190116 -rw-r--r-- 2 tux users 491 2004-04-19 11:22 shopping
$ rm shopping
$ ls -li
total 4
190116 -rw-r--r-- 1 tux users 491 2004-04-19 11:22 mylist

(In each listing line, the first column is the inode number and the third column is the link count.)


Symbolic links


A symbolic link is a special type of file that simply contains the
pathname of a “target” file
– Any references to the symbolic link are automatically translated into
references to the target
● The '-s' flag tells ln to create symbolic links
$ ln -s shopping mylist
$ ls -l shopping mylist
lrwxrwxrwx 1 chris users 8 2004-04-23 11:43 mylist -> shopping
-rw-r--r-- 1 chris users 491 2004-04-23 09:24 shopping

Deleting the target file breaks the symbolic link and causes confusing
behaviour:
$ rm shopping
$ less mylist
mylist: No such file or directory
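The difference between the two kinds of link, as an added example that is not part of the original course material. It assumes GNU coreutils (stat -c) and GNU find on Linux; the function names and the scratch directory layout are made up for the illustration.

```shell
#!/usr/bin/env bash
# Added example: hard links vs symbolic links when the original name goes away.
# Everything happens in a scratch directory created with mktemp.

inode_of()   { stat -c '%i' -- "$1"; }   # inode number, as shown by ls -i
link_count() { stat -c '%h' -- "$1"; }   # link count, as shown by ls -l

# A symbolic link is dangling when the link exists but its target does not.
is_dangling() { [ -L "$1" ] && [ ! -e "$1" ]; }

# other_names <file> <search-root>: every other name for the same inode.
# -xdev because inode numbers are only unique within one filesystem.
other_names() {
    find "$2" -xdev -samefile "$1" ! -path "$1" -print
}

demo_links() {
    local d
    d=$(mktemp -d) || return 1
    mkdir "$d/private" && chmod 700 "$d/private"
    printf 'milk\neggs\n' > "$d/private/shopping"

    ln    "$d/private/shopping" "$d/hard"   # second name for the same inode
    ln -s "private/shopping"    "$d/soft"   # new file that stores a pathname

    if [ "$(inode_of "$d/hard")" = "$(inode_of "$d/private/shopping")" ]; then
        echo "same_inode=yes"
    else
        echo "same_inode=no"
    fi
    echo "links_before=$(link_count "$d/hard")"
    echo "other_name=$(basename "$(other_names "$d/private/shopping" "$d")")"

    rm -r "$d/private"                      # removes names, not the data

    echo "links_after=$(link_count "$d/hard")"
    echo "hard_content=$(head -n 1 "$d/hard")"
    if is_dangling "$d/soft"; then echo "soft_dangling=yes"; else echo "soft_dangling=no"; fi
    rm -r "$d"
}

demo_links
```

Removing the rwx------ directory did not remove the data: the hard link outside it still reaches the same inode, and access to it is governed by the file's own mode. other_names (find -samefile) is the way to check for such extra names before assuming a file is gone.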
File and directory permissions revisited


The ways in which file access permissions control what you can do
derive from a few simple rules
– To access the data in a file, you need read permission on the file
– To modify the data in a file, you need write permission on the file
– To list the names (only) of the files in a directory, you need read
permission on the directory
– To list the attributes of the files in a directory (e.g. to perform an ls -l), or
to use the directory in a pathname, or to make it your current directory,
you need execute permission on the directory
– (You need both read and execute permission to have useful access to a
directory)
– To add a link to a directory, or to remove a link from a directory, you need
write permission on the directory
Exercise: Managing files

1. Log in as root
2. Copy the files passwd, group, hosts and fstab from /etc to your
home directory
3. In your home directory, rename the file fstab to table
4. Create a directory called private in your home directory
5. Change the permissions on private so that only you can access it
– Hint: the permissions should be rwx------
6. Move the files passwd and group into private
7. Change directory into the private directory and list the files there
8. Log out and log back in as lpiuser with password XXX
– Can you list root's home directory? ___________________________
– Can you list root's private directory? __________________________
Exercise: Managing files (continued)

9. Log out as lpiuser and log back in as root


10. Create a hard link called mygroup in your home directory to the file
group in the private directory
– What is the inode number associated with this link? _________
11. Create a symbolic link called mypasswd in your home directory to the
file passwd in the private directory
12. Delete the private directory and its contents
13. Try to access the files mygroup and mypasswd in your home directory
– What happens? ______________________________________________
– Can you explain why? ________________________________________
14. Delete the symbolic link mypasswd
End of Exercise
Miscellaneous features


– File name expansion using wildcards
– Editing with vi
– Finding files with find
– Manual pages
– Builtin help
– HOWTO documents
Filename expansion using wildcards


The shell uses several meta-characters for matching patterns in file
names. This process of wildcard expansion is known as file globbing
or file name expansion or simply globbing.

The command as typed:
$ ls -l *.c

The shell looks in the current directory for matching file names
(the directory contains alias.pl, edges.c, edges.o, main.c, main.o, wireframe)
… and substitutes them back into the command line

The command as executed:
$ ls -l edges.c main.c
Filename expansion using wildcards (continued)

* Matches zero or more characters


? Matches exactly one character
[ ] Matches any one of the enclosed characters, e.g. [AaTt]
[x-y] Matches any character in range
e.g. [a-m] [A-Z] [0-9]

Linux has no notion of filename “extensions”
– * matches all names, like *.* in DOS
– E.g. $ ls *
– E.g. $ cp *.txt bkp

Multiple wildcards can be used
– E.g. rm [A-Z]*.html

Wildcards can be used in multiple components of a pathname
– E.g. rm backups/*.199[7-9]/expenses??
Wildcard quiz

Given these files in the current directory:

410-chap1.doc    intro.old
410-chap2.doc    meetings.June
410-chap3.doc    meetings.July
410-chap4.doc    meetings.Aug
410-chap5.doc    oldstuff
410-CHAPS.doc    opensource
display          openwindows
display.c        project6
display.h        project45
display.object   project46
ideas            project346
ideas.old        training (a directory)
ideas.older      venues
index            windows
intro            x-windows

What do these commands do?

rm *.old
ls -l 410-chap?.doc
less 410-chap[2-5].doc
mv ideas* training
mv ideas.* training
rm *old*
rm *
cp [v-z]* training
cp [a-z]* training
ls display.?
rm proj*6
rm proj*[a-z]6
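A way to check quiz answers without deleting anything, as an added example that is not part of the original course material: it rebuilds the quiz directory in a scratch location and prints what the shell would substitute for a pattern. The function names make_quiz_dir and expands_to are made up for the illustration.

```shell
#!/usr/bin/env bash
# Added example: preview a wildcard expansion before handing it to rm, mv or cp.

# Build the quiz directory in a scratch location and print its path.
make_quiz_dir() {
    local d
    d=$(mktemp -d) || return 1
    ( cd "$d" &&
      touch 410-chap1.doc 410-chap2.doc 410-chap3.doc 410-chap4.doc 410-chap5.doc \
            410-CHAPS.doc display display.c display.h display.object ideas \
            ideas.old ideas.older index intro intro.old meetings.June \
            meetings.July meetings.Aug oldstuff opensource openwindows \
            project6 project45 project46 project346 venues windows x-windows &&
      mkdir training ) || return 1
    echo "$d"
}

# expands_to <dir> <pattern>: the names the shell would put on the command line.
expands_to() (
    cd "$1" || exit 1
    LC_ALL=C            # byte order, so [a-z] means lower-case ASCII only
    set -- $2           # unquoted on purpose: this is where globbing happens
    # A pattern that matches nothing is passed to the command unchanged.
    if [ "$#" -eq 1 ] && [ ! -e "$1" ]; then
        echo "(no match: the command receives the literal pattern)"
    else
        echo "$*"
    fi
)

quiz=$(make_quiz_dir)
for pattern in '*.old' '410-chap?.doc' 'ideas*' 'ideas.*' '*old*' \
               '[v-z]*' 'display.?' 'proj*6' 'proj*[a-z]6' '*.bak'; do
    printf '%-16s -> %s\n' "$pattern" "$(expands_to "$quiz" "$pattern")"
done
rm -rf "$quiz"
```

The command never sees the pattern, only the expanded names, so running expands_to (or simply echo with the same pattern) first shows exactly which files an rm would remove.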
Exercise: Wildcards

● Do a long listing of all the files in /usr/bin whose names contain a digit
– How many such files are there?
● Create a subdirectory called config in your home directory
● Copy all the files whose name ends in .conf from /etc to your
config directory
– Can you find a way to suppress the error messages due to unreadable
files?
● Change the access permissions of all files in your config directory to
be “rw-------”
● Are there any files in your config directory whose name begins with
a vowel?
● Delete any files in your config directory whose name begins with a
vowel
Editing with vi

● The editor vi is the 'standard' editor on UNIX and Linux systems



Advantages:
– It is available on every UNIX and Linux system
– It works on character terminals, without a graphical user interface
– It is fast and powerful once you know it well

Disadvantages:
– It is a 'moded' editor which makes it difficult to learn initially
– There are a lot of commands to remember

Professional Linux users and administrators benefit in the long term
by learning vi
– Budget several hours of learning time, over a period of time
Working modes in vi

● vi has three major operating modes

Command Mode (vi starts here)
– Most editing operations such as deleting and searching are done in command mode
– Most use single character commands
– i = insert before cursor, A = append to line, others ... switch to insert mode
– ':' switches to “bottom line” mode

Insert Mode
– The characters you type are entered into the edit buffer
– ESC returns to command mode

“Bottom Line” Mode
– Most commands that require arguments use this mode, e.g. global search and replace, write buffer to file, go to given line number
– The command is terminated by a newline, which returns to command mode
Command mode in vi


In command mode, most 'ordinary' characters invoke a command
– This table shows a minimal command set to survive with vi. It is nowhere
near complete and does not show the full power of the command set.
dd       Delete the current line (cut and put in the paste buffer)
D        Delete to end of line
/string  Search for string, forwards from current cursor position
?string  Search for string, backwards from current cursor position
n        Repeat the search in the same direction
N        Repeat the search in the opposite direction
yy       'Yank' (copy) the current line into the paste buffer
p        Insert the paste buffer before the current cursor position
ZZ       Save the file and exit (this is the normal way to exit vi)
.        Repeat the last change at the current cursor position
v        Start selecting
y        Copy
d        Cut
u        Undo
Ctrl+r   Redo
“Bottom line” mode in vi


The table below shows some important 'bottom line' commands
– There are also powerful global 'search and replace' commands that are
not shown here

Command              Meaning
:q                   Quit the editor (only works if no changes have been made)
:q!                  Quit the editor, abandoning any changes that have been made
:wq                  Write the file out and exit (same as 'ZZ' in command mode)
:w file              Write the edit buffer out to the specified file (instead of the original file)
:41                  Go to line 41
:%s/host/hostname    Replace host with hostname (first occurrence on each line)
:%s/host/hostname/g  Replace all host with hostname (every occurrence on each line)

Two more command mode commands:
x                    Delete a single character
dw                   Delete a single word
Exercise: Using vi


Using vi, enter the text:
A linux sysadmin called Pete
Typed all his commands with his feet
After “rm -r”, his toe hit a star,
A sysadmin no longer is Pete

● Save the text to the file limerick in your home directory


Make the following changes:
– Change 'Pete' to 'Joe', (twice) and 'feet' to 'toe'
– Swap the first line with the last line. (Use cut-and-paste, don't retype!)
– Delete the third line

● Save the result in the file junk (not to the limerick file)
Finding files with the find command
● The find command searches for files meeting specified criteria
– Name, owner, group, timestamps, permissions, size, etc.
● find has a complicated syntax; the general framework is:
Syntax: find <path> <expression> <action>

$ find /home/user/documents -type f -name "*.txt" -size +1M -exec rm {} +

The parts of this command line:
find                                the command
/home/user/documents                Where to look: list of directories to start looking in. find will search recursively down through the file system from here
-type f -name "*.txt" -size +1M     What to look for: set of criteria which files must match. Can be used in AND and OR combinations
-exec rm {} +                       What to do with it: the action to take when a matching file is found. The default is to print the pathname to the file
Search criteria for find

● Search criteria for find include:

Syntax             Description                                                   Example
-name 'string'     File name matches 'string'. Wildcards are allowed             -name '*.old'
-iname 'string'    Same as -name but not case sensitive                          -iname 'greet*'
-user username     File is owned by username                                     -user dilbert
-group groupname   File belongs to groupname                                     -group root
-type d, f, or l   File is a directory, regular file, or symbolic link           -type f
-size +N           File is bigger than N blocks (suffix c = bytes, k = kbytes)   -size +1000k
-size -N           File is smaller than N blocks                                 -size -50c

● The default action for find is simply to display the names of the
matching files
Some examples of using find


● Show all files ending in '.c' in (and below) the current directory
$ find . -name '*.c'
● Find all files under /home owned by tux
$ find /home -user tux
● Find ordinary files in /usr/bin which are bigger than 1 Mbyte
$ find /usr/bin -type f -size +1000k
● As root, find files named 'shopping' anywhere in the file system
# find / -name 'shopping'
More search criteria for find

Syntax      Description                                            Example
-perm xxx   File permissions exactly match octal digits xxx        -perm 644
-perm /xxx  File has at least one of the permissions xxx           -perm /222
            (older versions of find wrote this as -perm +xxx;
            current GNU find no longer accepts that form)
-perm -xxx  File has all of the permissions xxx                    -perm -001
-mtime +n   File last modified more than n days ago                -mtime +14
-mtime -n   File last modified less than n days ago                -mtime -2
-atime +n   File last accessed more than n days ago                -atime +7
-atime -n   File last accessed less than n days ago                -atime -1
Actions for find


An action specifies what to do with each matching file
-print (also the default) just writes out the pathname of the file
-ls writes output similar to ls -li for the file
● Any arbitrary command may be executed using -exec
– The syntax is messy; here's an example:

-exec rm {} \;

– rm: the command you want to execute
– {}: the name of the matching file is substituted in here
– \;: marks the end of the -exec command
More examples of using find

● Find all files in /home/tux or /home/dilbert which are world-writable
and give a detailed listing
$ find /home/tux /home/dilbert -perm /002 -ls
● Delete files under /home with names ending '.bak' which have not
been accessed for two weeks
$ find /home -name '*.bak' -atime +14 -exec rm {} \;
● Find all files which are not symbolic links but have mode 777
$ find / ! -type l -perm 777 2> /dev/null
– '!' negates the sense of the following test
– 2> /dev/null discards reports of unreadable directories, etc.
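The world-writable search and the '.bak' cleanup from the examples above, as an added example that is not part of the original course material: each destructive find is preceded by a dry run with the same tests. It assumes GNU find and GNU touch; the function names and the scratch tree are made up for the illustration.

```shell
#!/usr/bin/env bash
# Added example: audit and cleanup with find, with a preview before deleting.

# world_writable <dir>: anything other users can write to, symlinks excluded
# (a symlink's own mode is always rwxrwxrwx and says nothing about its target).
world_writable() {
    find "$1" -xdev ! -type l -perm -0002 -print 2>/dev/null | sort
}

# stale_baks <dir> <days>: dry run, lists what the cleanup below would remove.
stale_baks() {
    find "$1" -xdev -type f -name '*.bak' -atime +"$2" -print 2>/dev/null | sort
}

# purge_stale_baks <dir> <days>: the same tests, then delete.
#   -type f  never hand a directory or a symlink to rm
#   {} +     pass many names to one rm instead of starting rm once per file
#   --       end of options for rm (a cheap habit; find already prefixes
#            every name with the start directory)
purge_stale_baks() {
    find "$1" -xdev -type f -name '*.bak' -atime +"$2" -exec rm -f -- {} + 2>/dev/null
}

demo_find() (
    umask 022
    d=$(mktemp -d) || exit 1
    cd "$d" || exit 1
    mkdir tux dilbert
    : > tux/notes.txt
    : > "tux/open file"; chmod 666 "tux/open file"   # world-writable, name has a space
    ln -s ../tux/notes.txt dilbert/link              # would match without '! -type l'
    : > dilbert/old.bak; touch -a -d '20 days ago' dilbert/old.bak
    : > dilbert/new.bak                              # accessed just now, must survive

    echo "world_writable=$(world_writable .)"
    echo "preview=$(stale_baks . 14)"
    purge_stale_baks . 14
    echo "remaining=$(find . -name '*.bak' | sort)"
    cd / && rm -rf "$d"
)

demo_find
```

-xdev keeps the search on one file system, which matters when the start directory is / or /home and other file systems are mounted below it.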
Exercise: Using find

● List all the directories under /home that belong to root

● How many symbolic links are there under /usr/bin?


Does root own any zero-length regular files under /etc? How many?
– Hint: don't count them yourself!


What is the largest file in the filesystem?
– Hint: it is bigger than 10 Mbytes
Manual pages


The traditional way of providing online help is the “manual page”
– accessed via the man command
tux@earth:~> man mount
MOUNT(8)              Linux Programmer's Manual              MOUNT(8)
NAME
       mount - mount a file system
SYNOPSIS
       mount [-lhV]
       mount -a [-fFnrsvw] [-t vfstype] [-O optlist]
       mount [-fnrsvw] [-o options [,...]] device | dir
       mount [-fnrsvw] [-t vfstype] [-o options] device dir
DESCRIPTION
       All files accessible in a Unix system are arranged in one big
       tree, the file hierarchy, rooted at /. These files can be
       spread out over several devices. The mount command serves to
       attach the file system found on some device to the big file
       tree. Conversely, the umount(8) command will detach it again.
How a manual page is organised


Each manual page is divided up into a number of sections
– Not all sections are present for all commands

Section Contents
NAME Name and short description of the command
SYNOPSIS Description of the syntax
DESCRIPTION Detailed description of the command
OPTIONS Description of all available options
COMMANDS Instructions that can be given to the program while it is running
FILES Files referenced by the command
SEE ALSO List of related commands
DIAGNOSTICS Possible error messages and what they mean
EXAMPLE Examples of usage
AUTHOR Who wrote it
BUGS or WARNINGS Known errors and problems
Manual page section numbering


Each manual page is allocated a 'section number' depending on what
kind of thing it describes:

Section  Contents                                   Used by
1        Commands for end users                     End users
2        System Calls                               Developers
3        Functions and Library Routines             Developers
4        Device Files                               Administrators / developers
5        Configuration files and file formats       Administrators
6        Games                                      ?
7        Overview, conventions, and miscellaneous   ?
8        System management Commands                 Administrators

$ man man-pages
● The output of man is piped through less for ease of browsing
Manual page section numbering (continued)


By default the man command finds the requested page in the lowest-
numbered section
– If the same name appears in more than one section, you may have to
specify the section number explicitly to get the right man page

$ man crontab
... man page for crontab command in section 1 ...
$ man 5 crontab
... man page for crontab file format in section 5 ...
$ man uname
... man page for uname command in section 1 ...
$ man 2 uname
... man page for uname system call in section 2 ...
Searching the manual pages by keyword


You can search for manual pages by keyword
– man -k keyword or apropos keyword
– keyword must appear in NAME section of man page

$ apropos partition
mpartition (1)   - partition an MSDOS hard disk
sfdisk (8)       - Partition table manipulator for Linux
gpart (8)        - guess PC-type hard disk partitions
ntfsfix (8)      - tool for fixing NTFS partitions altered by ...
mkfs.jfs (8)     - create a JFS formatted partition
lvmdiskscan (8)  - scan for all disks / multiple devices ...
jfs_mkfs (8)     - create a JFS formatted partition
pvcreate (8)     - initialize a disk or partition for use by LVM
cfdisk (8)       - Curses based disk partition table manipulator
partprobe (8)    - inform the OS of partition table changes
fdisk (8)        - Partition table manipulator for Linux
parted (8)       - a partition manipulation program
Built-in Help


Most of the GNU command line tools have built-in help, using the
--help option

tux@earth:~> cat --help
Usage: cat [OPTION] [FILE]...
Concatenate FILE(s), or standard input, to standard output.
  -A, --show-all           equivalent to -vET
  -b, --number-nonblank    number nonblank output lines
  -e                       equivalent to -vE
  -E, --show-ends          display $ at end of each line
  -n, --number             number all output lines
  -s, --squeeze-blank      never more than one single blank line
  -t                       equivalent to -vT
  -T, --show-tabs          display TAB characters as ^I
  -u                       (ignored)
  -v, --show-nonprinting   use ^ and M- notation, except for LFD and TAB
      --help               display this help and exit
      --version            output version information and exit
With no FILE, or when FILE is -, read standard input.
Lesson 6: User and Group Permission Management

User and Group Permission Management


User accounts

– User accounts
– Where are user accounts stored?
– The /etc/passwd file
– The /etc/shadow file
– Changing passwords
– Password aging
– The /etc/group file
– Group membership
– System accounts and system groups
User accounts


A user account is defined by:
– A user name (e.g. lpiuser)
– A numeric user ID (e.g. 1000)
– A primary group ID (e.g. 1000)
– A full name (e.g. lpiuser lpiuser) which the system does not use internally
– A home directory (e.g. /home/lpiuser)
– A shell (e.g. /bin/bash) – this is the program that is started up after the
user has authenticated
– A password. This is stored as a hash (not in clear text)
– Password aging information, discussed later

All other information that customises a user's account is held in
hidden files in the user's home directory
– Shell configuration, desktop preferences, environment settings, etc.
Where are user accounts stored?

The system can be configured to look for user account info in several places:
– The local files /etc/passwd, /etc/shadow
– An LDAP database
– A Kerberos authentication server
– A NIS or NIS+ server
– An SMB server, e.g. a Windows NT domain controller
The /etc/passwd file

● Locally defined accounts are stored in the /etc/passwd file
– The name is historical, passwords are not stored in this file!
– Each line defines one user, fields are separated by colons:
lpiuser:x:1000:1000:lpiuser:/home/lpiuser:/bin/bash
– Field 1: User name
– Field 2: Historically this field held the hashed password. It is no longer used.
– Field 3: User ID
– Field 4: Primary group ID
– Field 5: Full name. Historically, this field was called the “finger information” or the “GECOS field”
– Field 6: Home directory
– Field 7: shell

The passwd file is world-readable and is consulted, for example,
to allow ls -l to show a file's owner as a user name rather than a UID
The /etc/shadow file

● The /etc/shadow file stores hashed passwords and password aging
information for each user
– This file is readable only by root, to prevent users cracking passwords
– Each line defines one user, fields are separated by colons:
lpiuser:$R$Z1ZW2SM6JdGg:12538:0:99999:7:::
– Field 1: User name
– Field 2: The hashed password (hashing is effectively a form of “one way” encryption)
– Remaining fields: these hold password aging parameters

When a user logs in, the password he enters is hashed and compared
against the hash stored in the shadow file
Password aging


Password aging forces users to choose new passwords periodically
– Opinions are divided over whether this is a good thing
– Rarely enabled

Password aging is controlled by several parameters which are stored
in /etc/shadow. All these parameters are in days
– A minimum period between password changes
– A maximum period between password changes (password lifetime)
– A warning period prior to password expiration
– A maximum period of inactivity after password expiration before the
account is locked (disabled)
– An absolute expiration date for the account (days since 1 Jan 1970)
● Root can use the chage command to change the password aging
parameters for an existing user
– See man chage for details
The /etc/group file

● Groups are defined in the file /etc/group
– Each line defines one group:
lpiuser:x:1000:chris,tux
– Field 1: The group name
– Field 2: Some early versions of UNIX associated a password with each group. The hashed
password was stored in this field. You could assume the group identity of any group
you knew the password for. Linux does not implement this feature.
– Field 3: The numeric group ID
– Field 4: Comma-separated list of users who are secondary members of this group
Group membership


Each user has one primary group
– Defined by his entry in /etc/passwd


Each user has zero or more secondary groups
– Defined by the appearance of his user name in /etc/group


A user is always considered to be a member of his primary group and
all his secondary groups
System accounts and system groups


UIDs below 1000 are regarded as “system accounts”
– Do not usually correspond to an actual person
– Serve to give an ownership category to system files
– Example: the print server runs as user 'lp' and the printer config and
spool files are owned by 'lp'. lp has UID=4
– UID=0 is for superuser(root)


Regular users receive UIDs from 1000 up


GIDs below 1000 are regarded as “system groups”
– Regular groups receive GIDs from 1000 up
– The default GID for a regular user account is 100 (“users”)
User account management


– Creating user accounts from the command line
– Modifying user account defaults
– Modifying and deleting existing accounts
– Managing groups from the command line
– Exercise: User account management
– Command-line vs graphical tools
Creating user accounts from the command line
● Root can create user accounts with the command useradd
# useradd kurt
# useradd -u 1000 -c 'lpiuser lpiuser' -d /home/lpiuser \
    -s /bin/bash lpiuser
– The UID will be one bigger than the largest currently in use
– Other defaults (location for home directory, shell, etc) are taken from the
file /etc/default/useradd

Root should set an initial password for the account (and tell the user!)

Command options can be used to specify non-default settings, e.g.
Option  Meaning
-d      Set the home directory
-u      Specifies a user ID
-g      Specifies a primary group ID
-G      Specifies a secondary (supplementary) group ID
-a      Add the user to the supplementary group(s). Use only with the -G option (usermod only)
-s      Set the path name to the user's login shell
Modifying user account defaults (/etc/default/useradd)

Root can modify the defaults for new user accounts, for example:
# useradd -s /bin/bash tux
– This example changes the default shell. Also use: -d homedir, -g GID, -G group1,group2
– See the man page for full details

# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/sh
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no

# useradd -u 1005 -g lpiuser -G tux -c 'lpi lpi' -d /home/lpi \
    -s /sbin/nologin lpi
# passwd lpi
Changing passwords


Users are allowed to change their own password
– A simple password strength check is enforced
$ passwd
Changing password for lpiuser.
Old Password: 123456
New password: secret
Bad password: too simple
New password: rhel6
Re-enter new password: rhel6
Password changed
(In reality the passwords are not echoed to the screen)

The superuser can change anyone's password
# passwd lpiuser
Changing password for lpiuser.
...
Modifying and deleting existing accounts

● Root can modify existing accounts using usermod, for example:


# grep lpiuser /etc/passwd
lpiuser:x:1000:1000:lpiuser:/home/lpiuser:/bin/bash
# usermod -c "My Hero" -s /usr/bin/csh lpiuser
# grep lpiuser /etc/passwd
lpiuser:x:1000:1000:My Hero:/home/lpiuser:/usr/bin/csh
– The options for usermod are similar to those for useradd
● Root can delete existing accounts using userdel, for example:
# userdel -r kurt
– -r forces removal of kurt's home directory
Managing groups from the command line

● Root can create groups with groupadd
# groupadd -g 1445 hackers
– -g specifies the GID. By default the next available ID is allocated
● Root can modify groups with groupmod
# groupmod -g 1450 hackers
# groupmod -n crackers hackers
● Root can delete groups with groupdel
# groupdel crackers
– You are not allowed to delete a group which is someone's primary group
Managing groups from the command line (continued)

● Root can create and modify groups with groupadd and groupmod

# groupadd -g 2002 dev

# groupadd developer

# more /etc/group | grep dev

# usermod -aG dev abebe

# groups abebe

# chgrp root file1     (to change file1's group to root)

# chgrp root dir1      (to change dir1's group to root)


Exercise: User account management

For this exercise you can use the command line tools.
1. Create a new group called hacker with group ID 1200
2. Create two new users with user names catbert and dogbert and UIDs
1010 and 1011 respectively. Their home directories should be
created as /home/catbert and /home/dogbert. Their shell should be
/bin/bash. Their primary group should be hacker and they should
both have secondary membership of the groups audio and video
3. Set passwords for these two accounts. Make sure you remember
them!
4. Examine the /etc/group and /etc/passwd files and verify that the
entries for the hacker group and the catbert and dogbert accounts
are as you expect
Exercise: User account management (continued)

5. Set password aging on catbert's account so that:


– The minimum time between password changes is 1 week
– The maximum time between password changes is 1 month
– He receives 2 days warning of password expiry
– The account is usable for 3 days after the password expires
– The account expires on 31 December this year
– Hint – look up the man page for chage
6. Look up catbert's entry in /etc/shadow and examine the password
aging parameters. Are they what you expect?
– Hint – man 5 shadow will help you figure out which field is which
7. List the /home directory. Verify that catbert and dogbert's home
directories exist.
– Who are they owned by? What group do they belong to?
Exercise: User account management (continued)

8. Verify that you can log in as catbert


– Run the command id to verify catbert's UID and group memberships.
Are they what you expect?
– Run the command pwd and verify the path name of the home directory
– Create a file in the home directory and verify its ownership and group
– List the hidden files in the directory. Where have these come from?
9. Still as catbert, try to change your password. What happens?

End of Exercise
Command-line vs graphical tools


The relative merits of performing system administration at the
command line and using graphical tools provoke a lot of discussion

Advantages of graphical tools
– No need to remember command line syntax or file formats
– Less likely to create an invalid configuration
– Closer match to expectations of administrators migrating from Windows

The use of graphical tools does not mean that you don't need to
understand the underlying model

Advantages of command line tools
– Generally faster, once you know them
– Do not require a graphical desktop
– System admin can be automated, using scripts
– May offer greater flexibility than the graphical tools
Notes on Adding Users


Add a group first, else you get a default one.

User and group names are lowercase.

User and group IDs have values greater than 1000. Values
below these cut-offs are system users!
Limited & Special-Purpose Accounts

mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin

Note: Such accounts frequently control files but should not be accessed by normal
login. Therefore, they usually have a login shell specified as /sbin/nologin, or
/bin/false so that login attempts will fail.
To Suspend user account

Do one of the following to suspend user accounts


- Put * as start of Password field in /etc/shadow
- Change login shell to /sbin/nologin or /bin/false
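An account check built on the /etc/passwd and /etc/shadow formats and the nologin convention described above, as an added example that is not part of the original course material. The sample lines are constructed (the hashes are placeholders), the function names are made up, and the UID cut-off of 1000 is the one this course uses.

```shell
#!/usr/bin/env bash
# Added example: flag risky entries in passwd- and shadow-format data.
# Sample data is constructed for the illustration; hashes are placeholders.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
toor:x:0:0:backup admin:/root:/bin/bash
lpiuser:x:1000:1000:lpiuser:/home/lpiuser:/bin/bash
kurt:x:1001:1001::/home/kurt:/bin/bash'

SAMPLE_SHADOW='root:$6$CONSTRUCTED$placeholder.hash:19500:0:99999:7:::
mail:*:19500:0:99999:7:::
news:*:19500:0:99999:7:::
toor:$6$CONSTRUCTED$placeholder.hash:19500:0:99999:7:::
lpiuser:!$6$CONSTRUCTED$placeholder.hash:19500:0:99999:7:::
kurt::19500:0:99999:7:::'

# audit_passwd: reads passwd-format lines on stdin.
#   UID0                a second account with superuser rights
#   SYSTEM_LOGIN_SHELL  a system account (UID 1..999) that can start a shell
audit_passwd() {
    awk -F: '
        NF != 7 { print "MALFORMED line " NR; next }
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        {
            # An empty shell field does not mean "no shell": it means /bin/sh.
            shell = ($7 == "") ? "/bin/sh" : $7
            if ($3 > 0 && $3 < 1000 && shell !~ /\/(nologin|false)$/)
                print "SYSTEM_LOGIN_SHELL " $1 " " shell
        }'
}

# audit_shadow: reads shadow-format lines on stdin.
#   EMPTY_PASSWORD  second field empty, no password is needed to log in
#   LOCKED          field starts with * or !, no password can ever match
audit_shadow() {
    awk -F: '
        $2 == ""     { print "EMPTY_PASSWORD " $1; next }
        $2 ~ /^[*!]/ { print "LOCKED " $1 }'
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a real system, run the same functions as root with `audit_passwd < /etc/passwd` and `audit_shadow < /etc/shadow`. A LOCKED password field only blocks password logins; an account that can also log in with an SSH key needs the nologin shell (or an expiry date) as well.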
Managing User & Group Databases
● /etc/passwd - is the password file containing basic information about
users
● /etc/shadow - is the shadow password file containing encrypted
passwords
● /etc/group - is the group file containing basic information about
groups and which users belong to them
● /etc/gshadow - is the shadow group file containing encrypted group
passwords

$ ls -l /etc/passwd /etc/shadow /etc/group /etc/gshadow
-rw-r--r-- 1 root root  701 Jun 26 19:04 /etc/group
-r-------- 1 root root  580 Jun 26 19:04 /etc/gshadow
-rw-r--r-- 1 root root 1939 Jun 26 19:43 /etc/passwd
-r-------- 1 root root 1324 Jun 26 19:50 /etc/shadow
sudo command

● sudo (substitute user do) allows a permitted user to execute a
command as the superuser or another user, as specified in the
/etc/sudoers file.
sudo [OPTION]... [-u username]
– You don’t have to hand out the root password to people just so they can
run a few commands.
– -u USERNAME – Attempt to run the command as user USERNAME instead
of root.

Example
$ ssh lpiuser@192.168.0.129 ls /
lpiuser@192.168.0.129's password:
bin
boot
dev
etc
home
lib
lib64
lost+found
media
/etc/sudoers file


A simple sudoers file would look like

# visudo      → the correct way to edit the file

# Format is:
# user MACHINE=COMMANDS
#
# The COMMANDS section may have other options added to it.
#
Defaults requiretty,passwd_timeout=10
# Allows members of the users group to mount and unmount the cdrom as root
%users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
# Allow the user lpiuser to run the fdisk,
root ALL=(ALL) ALL
lpiuser ALL=/sbin/fdisk
# give root privilege without password
abebe ALL=(ALL) NOPASSWD: ALL
# give root privilege for hackers group
%hackers ALL=(ALL) ALL

To check whether it works, log on or switch to the limited user and type the
following:
$ sudo /sbin/fdisk -l
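A review aid for the kind of sudoers file shown above, as an added example that is not part of the original course material: it lists the entries that hand out unrestricted root access and those that skip the password prompt. The function name audit_sudoers is made up, the sample repeats the rules from the slide, and the parser only understands simple one-line "who HOST=(runas) commands" rules (no aliases, line continuations or included files).

```shell
#!/usr/bin/env bash
# Added example: flag broad grants in a simple sudoers file.
# Sample rules are the ones from the slide above.

SAMPLE_SUDOERS='# Format is: user MACHINE=COMMANDS
Defaults requiretty,passwd_timeout=10
%users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
root ALL=(ALL) ALL
lpiuser ALL=/sbin/fdisk
abebe ALL=(ALL) NOPASSWD: ALL
%hackers ALL=(ALL) ALL'

# audit_sudoers: reads sudoers text on stdin and prints one line per finding.
#   FULL_ROOT           every command, password required
#   FULL_ROOT_NOPASSWD  every command, no password asked
#   NOPASSWD            a restricted command list, but no password asked
audit_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }
        {
            who  = $1
            spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)        # keep the text after HOST=
            sub(/^\([^)]*\)[ \t]*/, "", spec)     # drop the (runas) part
            nopass = (spec ~ /NOPASSWD:/)
            gsub(/(NOPASSWD|PASSWD):[ \t]*/, "", spec)
            sub(/[ \t]+$/, "", spec)
            if (spec == "ALL" && who != "root") {
                tag = nopass ? "FULL_ROOT_NOPASSWD" : "FULL_ROOT"
                print tag " " who
            } else if (nopass) {
                print "NOPASSWD " who
            }
        }'
}

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

For the authoritative answer on a live system, `visudo -c` checks the syntax of the installed file and `sudo -l -U username` lists what sudo will actually allow that user.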
/etc/security/pwquality.conf: Creating and enforcing a strong password policy

# vi /etc/security/pwquality.conf
Managing Default Permissions

# umask ----- to see umask value.


0022
# umask 027 --- to change umask value

Results from Common umask Values for Files and Directories
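The effect of common umask values on new files and directories, as an added example that is not part of the original slides: it predicts the mode from the mask (files start from 666, directories from 777) and then measures it on a real file and directory in a temporary location. The function names umask_predict and umask_observe are assumptions, and stat -c is the GNU/Linux form of the command.

```shell
#!/bin/sh
# Added example: what a umask does to newly created files and directories.

# umask_predict MASK -> "FILE_MODE DIR_MODE", computed as base AND NOT mask.
umask_predict() {
    m=$(( 0$1 ))                       # the leading 0 makes the shell read octal
    printf '%03o %03o\n' $(( 0666 & ~m )) $(( 0777 & ~m ))
}

# umask_observe MASK -> same format, measured on a real file and directory.
# The body runs in a subshell so the caller's umask is left unchanged.
umask_observe() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    touch "$tmp/file"                  # created with a requested mode of 666
    mkdir "$tmp/dir"                   # created with a requested mode of 777
    out="$(stat -c %a "$tmp/file") $(stat -c %a "$tmp/dir")"
    rm -rf "$tmp"
    printf '%s\n' "$out"
)

for mask in 022 027 077 002; do
    echo "umask $mask: predicted $(umask_predict "$mask"), observed $(umask_observe "$mask")"
done
```

New regular files never receive the execute bit from the umask alone, because their starting mode is 666.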


Linux file system permission


The Linux security model

Users and groups

The superuser

Standard file permissions

Changing access permissions

Representing file permissions in octal

setuid and setgid programs

Changing ownership with chown


Users and groups

● Every user has an account name (e.g. lpiuser) along with an
associated numeric user ID (e.g. 1000)

Every user is associated with one named group which is their primary
group
– Groups allow additional flexibility in assigning access permissions

Users can also be associated with one or more secondary groups
● The command id shows your user identity and group memberships

Numeric user ID and user name

Primary group ID and group name


$ id
uid=1000(lpiuser) gid=100(users) groups=100(users),14(uucp),16(dialout),17(audio),39(video)

Secondary groups
The user root


Linux has a privileged user account called the super-user
– The account name is usually root
– The numeric user ID is zero
● root can access or modify any file or directory and run any command
– Only log in as root if you are doing something that requires it
● You can start a new shell as root using the su command

$ su -
Password: suseroot
earth: ~ #

The '-' flag causes root's normal login environment to be established
You are prompted for the password. It is not echoed to the screen
The '#' in the prompt warns you that you are root
User identity and the super user

Do now!
● Log in as lpiuser, with password penguin
– What is your prompt string? _______________________________
● Run the id command
– What is your numeric user ID? _____________
– What is your primary group name? __________________
– What are the names of your secondary groups? ___________________
● Run the command 'su -' to start a shell as the superuser
– Supply the password suseroot
– What is your prompt string? _______________________________
– What is your numeric user ID now? ____________________
– What is your primary group ID? ________________
● Type exit (or enter ^D) to exit from your superuser shell
– Confirm (from your prompt) that you are no longer logged in as root
Standard file permissions


Every file and directory has a set of attributes:
– An owner (by default, the person who created it)
– A group (by default, the primary group of the person who created it)
– Three sets of access permissions, relating to:

The owner of the file

Users who are members of the file's group

Everyone else (“others”)

These attributes are shown in a long directory listing:
$ ls -l /home/lpiuser
-rw-r--r-- 1 tux users 65584 2004-03-16 11:30 lpiuser
Group
Owner
Permissions for others
Permissions for members of group
Permissions for owner
Standard file permissions (continued)


There are three access permissions in each set
– The meanings of these permissions differ slightly depending on whether
they are applied to a regular file or a directory

Permission    Meaning for a regular file                       Meaning for a directory
r (read)      Able to see the contents of the file             Able to list the contents of the directory
w (write)     Able to change the contents of the file          Able to create or delete files or subdirectories
x (execute)   Able to run the file as a program or a script    Able to make the directory “current” or use it in a path name

The permissions are shown as a group of nine characters, for example:
rwxr-xr-x
Changing access permissions with chmod

● The command chmod is used to change file permissions


● How to build yourself a chmod command in five easy lessons

        u   +   r
chmod   g   -   w   file1 file2 …
        o   =   x

1. Type the command name!
2. Select any combination of:
   u User (owner) of file
   g Group
   o Other (rest-of-world)
   Or ‘a’ (same as ugo)
3. Select one of:
   + Add to existing permissions
   - Remove from existing permissions
   = Assign absolute permissions
4. Select any combination of r, w, x
5. List the files whose permissions you want to change
Changing access permissions (continued)


Only the owner of a file (or the superuser) can change the file’s
permissions
$ chmod u+x hello.txt
$ chmod go-w display.object
$ chmod a-wx opensource openwindows
$ chmod u=rw open*

To set different access permissions for different users, either use two
chmod commands or separate changes with a comma:
$ chmod u=rwx index
$ chmod go=r index
Or:
$ chmod u=rwx,go=r index
Question: What do you think 'chmod u=rwx go=r index' does?
Representing file permissions in octal


Since each of the file permissions (rwxrwxrwx) is either on or off, a
file’s permissions can be represented by 3 groups of 3 binary digits
– Then each set of 3 bits can be written as an octal digit (0-7)

rwx rw- r--


111 110 100
7 6 4

● This notation can be used by chmod; e.g.


$ chmod 644 hello.txt
$ chmod 400 hello.txt
● Some early versions of chmod, and a few other commands which deal
with access permissions, only understand the octal notation
Changing ownership with chown

● The chown command can change the ownership and group of a file
chown owner.group file1 file2 ...

Example:
$ chown root.wheel foo bar

You can change just the owner:
$ chown root foo

or you can change just the group:
$ chown .wheel bar
$ chgrp wheel bar
● Only root can change a file's owner
– Ordinary users can change a file's group only if they are members of both
the original and the new group
Exercise: File permissions and ownerships

1. You should initially be logged in as tux for this exercise


2. Using the touch command, create a file called sample
$ touch sample
– Who owns the file sample? _____________________
– What group does the file belong to? ____________________
– What are the initial access permissions on the file? _________________
3. Using chmod, create the following sets of access permissions, in turn,
on the file sample. After each change, verify the permissions by doing
a long listing of the file
rw-------
rw-rw-rw-
rwxrwxrwx
Exercise continued

4. As the user tux, try to change the ownership of the file sample to be
owned by the user dogbert.
– What happens?
5. Use the su command to switch to a superuser shell
– Try again to change sample to be owned by dogbert
(It should work this time)
– Change the group ownership of sample to the group trusted
6. Exit from the superuser shell
7. Do a long listing of sample and verify the ownership and group

End of Exercise
Lesson 7: Package Management and software installation

Package Management and software installation


Managing Software


Use RPM - Redhat Package Manager and install rpms (default)

Use yum package installation utility.

Using Debian Packages

Using apt package management

Package dependency and conflicts

Converting between package formats
rpm

For Binary rpms: rpm [options] rpm-file
rpm -qa, rpm -ivh, rpm -Uvh, rpm -e
(Where -q = query, -a = all, -i = install, -v = verbose, -U = upgrade,
-h = hash, -e = erase)

Install package
#rpm -ivh package_name.rpm

Remove package (by package name, not by file name)
#rpm -e package_name

Upgrade package
#rpm -Uvh package_name.rpm

Display info
#rpm -qa | grep package_name
rpm
Finding Package Dependencies

# dnf deplist lynx ---> Redhat


$ sudo apt show lynx --> Ubuntu
Repositories

RHEL 9 is distributed through two main repositories:
● BaseOS
● AppStream

Both repositories are required for a basic RHEL installation, and
are available with all RHEL subscriptions.

Content in the BaseOS repository is intended to provide the
core set of the underlying OS functionality that provides the
foundation for all installations.

Content in the Application Stream repository includes additional
user space applications, runtime languages, and databases in
support of the varied workloads and use cases
Yum repository configuration

Create local repository file
#vi /etc/yum.repos.d/a.repo
[BaseOS]
name=BaseOS
baseurl=file:///media/BaseOS
enabled=1
gpgcheck=0

[AppStream]
name=AppStream
baseurl=file:///media/AppStream
enabled=1
gpgcheck=0
Yum repository configuration (continued)

Mount iso file temporarily on default mount point
#mount /dev/sr0 /media
#cd /media/AppStream/Packages
#cd /media/BaseOS/Packages

Mount iso file permanently using /etc/fstab and add the
following line at the bottom

#vi /etc/fstab
/dev/sr0 /media auto defaults 0 0
rpm

Change directory to Packages, where the rpm files are stored
#mount /dev/sr0 /mnt
#cd /mnt/Packages

Install package (rpm -i needs the rpm file name)
#rpm -ivh nmap-*.rpm

Verify nmap command
#nmap -sS localhost

Remove package
#rpm -e nmap

List one package (detailed info on an installed package)
#rpm -qi gcc
# rpm -qi nmap
yum/dnf


Yum is a command-line utility that searches for and installs software
together with its dependencies.

Yum requires the location of the rpm files

Mirror or repository: stores the rpm files, such as the ISO of the
server in this case, or a URL

Configuration directory is /etc/yum.repos.d/

Installation command
# yum repolist
#yum install packagename
yum


Create URL repository file in /etc/yum.repos.d/ using
<name.repo>
#vi /etc/yum.repos.d/a.repo
[1]
name=1
baseurl=http://192.168.1.20/rhel9
enabled=1
gpgcheck=0

Where
- the enabled option turns this repo on
- the gpgcheck option controls whether the GPG signature of each rpm is
checked before it is installed (0 turns the check off)
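Both repo files on these slides set gpgcheck=0, so packages from them are installed without a signature check. The following added example, which is not part of the original slides, reads .repo text and reports each enabled section that skips the check or fetches over cleartext. The names audit_repo and SAMPLE_REPO, the section called signed and the host repo.example.test are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report repo sections that install packages without signature checks.
# SAMPLE_REPO is constructed: the first two sections copy the slides, the third
# ("signed", host repo.example.test) is a hypothetical hardened section for contrast.
SAMPLE_REPO=$(cat <<'EOF'
[BaseOS]
name=BaseOS
baseurl=file:///media/BaseOS
enabled=1
gpgcheck=0

[1]
name=1
baseurl=http://192.168.1.20/rhel9
enabled=1
gpgcheck=0

[signed]
name=signed
baseurl=https://repo.example.test/rhel9
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
)

# audit_repo: read .repo text on stdin, print one finding per problem.
# A section with no gpgcheck line is reported too, so its inherited value gets checked by hand.
audit_repo() {
    awk -F= '
    function report() {
        if (id == "" || enabled == "0") return          # nothing parsed yet, or repo disabled
        if (gpg != "1") print id ": gpgcheck is not 1, package signatures are not verified"
        if (url ~ /^(http|ftp):/) print id ": baseurl uses cleartext http/ftp"
    }
    /^\[.*\]$/ { report(); id = substr($0, 2, length($0) - 2); gpg = ""; url = ""; enabled = "1"; next }
    { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
    key == "gpgcheck" { gpg = val }
    key == "baseurl"  { url = val }
    key == "enabled"  { enabled = val }
    END { report() }'
}

printf '%s\n' "$SAMPLE_REPO" | audit_repo
```

To run it against a real system, pipe each file under /etc/yum.repos.d/ into audit_repo.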
yum/dnf

Search installed package samba

#yum search samba

# dnf list installed

# dnf list installed nmap

# dnf list installed bash


# yum list installed | grep samba

Install package

#yum install samba*



Install GUI on the system package

#yum install tigervnc-server*



Remove package

#yum remove samba


Upgrade package

#yum upgrade samba



Display info

#yum info samba



To check listed updates

# dnf list --upgrades



To download on the linux server

# yum install yum-utils

# yumdownloader nmap ------- using the yumdownloader command we can download any rpm package
Troubleshooting


To clear repository list

#yum clean all


# dnf clean all

To check repository list for packages

#yum repolist
# dnf repolist

repo configuration files
– /etc/dnf/dnf.conf
– /etc/yum.repos.d directory

Note:

- Errors happen during installation because of the Red Hat license requirement, so use the free
distribution CentOS.
Debian Package Management


Systems using Debian based variants of Linux don't use the rpm
package management system, but rather the Debian Package
Management system. The Debian system is more rigorous
and configurable than the rpm system, but for historical
reasons is less widely used.

The approach used by the Debian system is very
similar to that used by the rpm system. The equivalent
command to 'rpm' in a Debian system is 'dpkg'.
Debian Package Management


Actions
Debian Package Management


To install a package from a .deb file, you could use dpkg as follows:
$ cd ~/Downloads
$ sudo dpkg -i nomachine_8.11.3_4_amd64.deb
$ sudo apt --fix-broken install
$ sudo systemctl status nxserver

To remove the package with its configuration, you could:
$ sudo dpkg -P nomachine

To remove the package without its configuration, you could use:
$ sudo dpkg -r nomachine
Debian Package Management

APT

The dpkg tool is fine for installing individual packages with no
dependencies, but when installing a number of packages which may
have dependencies, the APT tool is generally used instead.

APT is one of the strengths of dpkg, and provides an easy way of
installing and updating a system. It is controlled by two files:
– /etc/apt/apt.conf.d Contains general configuration options for APT
– /etc/apt/sources.list Lists sources of Debian files
# dnf install epel-release --- if dnf can be installed on Ubuntu, this
package installation may sometimes work.
– Installing ZFS File System in Debian Linux and creating mirrored disk
$ sudo apt-get install zfsutils-linux -y
$ sudo apt-get install zfs-fuse
$ sudo zpool create mypool mirror /dev/sdb /dev/sdc
$ sudo zpool create -f data /dev/sdb /dev/sdc ----- to create a pool without RAID.
Debian Package Management


Once APT knows where the Debian packages are located, two
command line tools are used for package management: apt-cache
and apt-get.


To install packages
# apt-get install package_name
Converting Debian packages into RPM ones and vice versa


The alien tool will change Debian packages into Red Hat ones and
vice versa.

Convert a debian package to rpm
#apt-get install alien
#alien --to-rpm package.deb

Convert an rpm package to debian
#alien --to-deb package.rpm
Exercise


Install and configure nagios monitoring tool using yum

Install and remove apache web server using yum

Install and remove Nomachine using dpkg

Install and remove java using dpkg

Install and remove openssh-server and nvc-tiger using apt
