Installing Red Hat Enterprise Linux Server
Practical 0: Installation of RHEL6.x
There is a version of RHEL Server for almost any hardware platform. That means you can install it on a
mainframe computer, a mid-range system, or PC-based server hardware using a 64- or 32-bit architecture.
The ideal installation is on server-grade hardware. However, you don’t have to buy actual server hardware if
you just want to learn how to work with Red Hat Enterprise Linux. Basically, any PC will do as long as it
meets the following minimum requirements:
A CPU capable of handling 64-bit instructions
1GB of RAM
20GB of available hard disk space
A DVD drive
A network card
Apart from these requirements, other requirements relate to KVM virtualization as well. The most important
of these is that the CPU on your computer needs virtualization support.
Pre-Installation Steps
Download ISO:
Visit: https://www.redhat.com and download the RHEL 6 ISO.
1. Put the RHEL 6 installation disc in the optical drive of your computer, and boot from the installation
disc. If the DVD drive is not in the default boot order on your computer, you’ll have to go into the setup
and instruct your computer to boot from the optical drive. After booting from the installation DVD
successfully, you’ll see the Welcome to Red Hat Enterprise Linux screen.
1. From the graphical installation screen, select Install Or Upgrade An Existing System. In case you’re
experiencing problems with the graphical display, you can choose to install using the basic video driver.
However, in most cases that isn’t necessary. The other options are for troubleshooting purposes only and will
be discussed in later chapters in this book.
2. After beginning the installation procedure, a Linux kernel is started, and the hardware is detected. This
normally takes about a minute.
3. Once the Linux kernel has been loaded, you will see a nongraphical screen that tells you that a disc was
found. (Nongraphical menus like the one in the following image are referred to as ncurses interfaces. Ncurses
refers to the programming library that was used to create the interface.)
From this screen, you can start a check of the integrity of the installation
media. Don’t do this by default; the media check can easily take 10 minutes or more! Press the Tab key once
to navigate to the Skip button, and press Enter to proceed to the next step.
4. If the graphical hardware in your computer is supported, you’ll next see a graphical screen with only a
Next button on it. Click this button to continue.
If you don’t see the graphical screen at this point, restart the installation procedure by rebooting your
computer from the installation disc. From the menu, select Install System With Basic Video Driver.
5. On the next screen, you can select the language you want to use during the installation process. This is
just the installation language. At the end of the installation, you’ll be offered another option to select the
language you want to use on your Red Hat server. Many languages are supported; in this book I’m using
English.
6. After selecting the installation language, on the next screen, select the appropriate keyboard layout, and
then click Next to continue.
7. Once you’ve selected the keyboard layout you want to use, you need to select the storage devices with
which you are working. To install on a local hard drive in your computer, select Basic Storage Devices. If
you’re installing RHEL in an enterprise environment and want to write all files to a SAN device, you should
select the Specialized Storage Devices option. If you’re unsure about what to do, select Basic Storage
Devices and click Next to proceed.
8. After you have selected the storage device to be used, the installation program may issue a warning that
the selected device may contain data. This warning is displayed to prevent you from deleting all the data on
the selected disk by accident. If you’re sure that the installer can use the entire selected hard disk, click Yes,
and discard any data before clicking Next to continue.
9. On the next screen, you can enter the hostname you want to use on the computer. Also on this screen is
the Configure Network button, which you’ll use to change the current network settings for the server. Start
by entering the hostname you want to use. Typically, this is a fully qualified domain name that includes the
DNS suffix. If you don’t have a DNS domain in which to install the server, you can use example.com. This
name is available for test environments, and it won’t be visible to others on the Internet.
10. Click Next to continue.
11. At this point, you’ll configure the time settings for your server. The easiest way to do this is just to
click the city nearest to your location on the world map that is displayed. Alternatively, you can choose the
city that is nearest to you from the drop-down list.
12. You’ll also need to specify whether your computer is using UTC for its internal clock. UTC is
Coordinated Universal Time, a time standard by which the world regulates clocks and time. It is one of
several successors to Greenwich Mean Time, without Daylight Saving Time settings. Most servers have their
hardware clocks set to UTC, but most PCs don’t. If the hardware clock is set to UTC, the server uses the time
zone settings to calculate the local software time. If your computer has its hardware clock set to UTC, select
the option System Clock Uses UTC, and click Next to continue. If
not, deselect this option and proceed with the installation.
13. Next you’ll specify the password that is to be used by the user root. The root account is used for
system administration tasks, and its possibilities are nearly unlimited. Therefore, you should set the root
password to something that’s not easy for possible intruders to guess.
14. The next screen you’ll see is used to specify how you’d like to use the storage
devices on which you’ll install Red Hat Enterprise Linux. If you want to go for the easiest solution, select
Use All Space. This will remove everything currently installed on the selected hard disk (which typically
isn’t a bad idea anyway). Table 1.1 gives an overview of all the available options.
Practical 1
Aim: Working with Users, Groups, and Permissions
a. Creating and Managing Users
b. Creating and Managing Groups
c. Using Permissions and Advanced Permissions
BACKGROUND INFORMATION:
User Management
Linux is a multi-user operating system, meaning multiple users can operate on a system simultaneously.
Proper user management ensures security, controlled access, and system integrity.
Key files involved in user management:
/etc/passwd – Stores user account details.
/etc/shadow – Stores encrypted user passwords.
/etc/group – Stores group information.
/etc/gshadow – Stores secure group details.
Creating Users in Linux
To create a new user in Linux, use:
useradd Command (For most Linux distributions)
useradd username
This creates a user without a home directory.
useradd: This command is used for adding users to the local authentication system.
● Using useradd is simple. In its easiest form, it just takes the name of a user as its argument, so
useradd linda will create a user called linda on your server.
● The useradd command has a few options. If an option is not specified, useradd will read its
configuration file in /etc/default/useradd. In this configuration file, useradd finds some default
values.
● These specify the groups the user will become a member of, where to create the user’s home
directory, and more.
➢ To create users from a command-line environment, you can use the useradd command.
➢ /etc/passwd and /etc/shadow are the user configuration files. Each line in both files consists of
colon-separated fields, one line per user.
➢ The format of /etc/passwd is: username:passwd:uid:gid:gecos:directory:shell
➢ A line in /etc/shadow looks like: username:$1$s4w/WmsS$tMsqHucunntdrXUe8zlvh.:18521:0:99999:7:::
➢ /etc/login.defs: This relates to the user environment but is used completely in the background.
/etc/passwd
The first, and probably the most important, of all user-related configuration files is /etc/passwd. This file is
the primary database where user information is stored. That is, the most important user properties are
stored in this file. Listing 7.2 will give you an impression of what the fields in this file look like.
● Different fields are used in /etc/passwd. The fields are separated with a colon. Here is a short
explanation of all the fields used in /etc/passwd.
● Username The user’s login name is stored in the first field in /etc/passwd. In older UNIX versions,
there was a maximum-length limitation on login names, which was eight characters. In modern
Linux distributions, such as Red Hat Enterprise Linux, this limitation no longer exists.
● Password In the old days of UNIX, encrypted passwords were stored in this file. There is,
however, one big problem with passwords stored here: even if the password has been hashed,
everyone is allowed to read /etc/passwd. Since this poses a security risk, passwords are stored in
the configuration file /etc/shadow nowadays, which is discussed in the next section.
UID As you have already learned, every user has a unique user ID. Red Hat Enterprise Linux starts
numbering local user IDs at 500, and typically the highest number that is used is 60000 (the highest
numbers are reserved for special-purpose accounts).
GID As discussed in the previous section, every user has a primary group. The group ID of this primary
group is listed there. On Red Hat Enterprise Linux, every user is also a member of a private group that has
the name of the user.
GECOS The General Electric Comprehensive Operating System (GECOS) field is used to include some
additional information about the user. The field can contain anything you like, such as the department
where the user works, the user’s phone number, or anything else. This makes identifying a user easier for
an administrator. The GECOS field is optional, and often you will see that it is not used at all.
Home Directory This field points to the directory of the user’s home directory.
Shell The last field in /etc/passwd is used to refer to the program that is started automatically when a user
logs in. Most often, this will be /bin/bash, but as discussed previously, every binary program can be
referred to here as long as the complete path name is used.
For an administrator, it is perfectly acceptable to edit /etc/passwd and the related file /etc/shadow
manually. Make sure to use the vipw command to edit the files in order to prevent locking issues if other
users or commands are editing the files at the same time.
If an error is made, the consequences can be serious. It can even completely prevent logging in on a
system. Therefore, if manual changes are made to any of these files, you should check their integrity. To
do this, use the pwck command. You can run this command without any options, and it will tell you
whether there are any serious problems that need to be fixed.
/etc/shadow
● The encrypted user passwords are stored in /etc/shadow. Information relating to password expiry is
also kept in this file.
● As in /etc/passwd, the lines in /etc/shadow are also organized in different fields. For most
administrators, only the first two fields matter. The first field is used to store the name of the user,
and the second field is used to store the encrypted password.
● In the encrypted password field, an ! and an * can be used. If an ! is used, login is currently
disabled. If an * is used, it is a system account that can be used to start services, but that is
not allowed for interactive shell login. Also, note that, by default, an encrypted password is
stored there, but it is also possible to store an encrypted password.
Here are the fields used in the lines in /etc/shadow:
● Login name
● Encrypted password
● Days since January 1, 1970 that password was last changed
● Days before password may be changed
● Days after which password must be changed
● Days before password is to expire that user is warned
● Days after password expires that account is disabled
● Days since January 1, 1970, that account is disabled
● Reserve field, not currently used
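One way to read the fields listed above during an account review, as an added example that is not part of the original practical. The sample lines, account names, placeholder hashes and the 90-day threshold are constructed; on a real server the function would be fed /etc/shadow as root.

```shell
#!/bin/sh
# Added example: classify /etc/shadow entries by their colon-separated fields.
# Every sample line is constructed; the hashes are placeholders, not real hashes.

sample_shadow() {
cat <<'EOF'
root:$6$CONSTRUCTEDSALT$constructedhashvalue:18521:0:99999:7:::
bin:*:15000:0:99999:7:::
linda:!!:18600:0:99999:7:::
olduser:$1$CONSTRSALT$constructedmd5hash:17000:0:99999:7:::
locked:!$6$CONSTRUCTEDSALT$constructedhashvalue:18500:0:90:7:::
nopass::18500:0:99999:7:::
EOF
}

# audit_shadow TODAY_DAYS MAX_AGE_DAYS   (shadow lines on stdin)
# TODAY_DAYS uses the same unit as field 3: days since January 1, 1970.
# On a live system it can be computed as $(( $(date +%s) / 86400 )).
audit_shadow() {
  awk -F: -v today="$1" -v maxage="$2" '
    {
      user = $1; pw = $2; changed = $3
      if (pw == "")                      status = "EMPTY_PASSWORD"   # login without a password
      else if (pw == "*")                status = "SYSTEM_NO_LOGIN"  # service account
      else if (substr(pw, 1, 1) == "!")  status = "LOCKED"           # login disabled
      else if (pw ~ /^\$1\$/)            status = "WEAK_MD5_HASH"    # $1$ prefix = MD5-crypt
      else                               status = "OK"
      # Password age only matters for accounts that can actually log in.
      if ((status == "OK" || status == "WEAK_MD5_HASH") &&
          changed != "" && today - changed > maxage)
        status = status ",STALE"
      print user ":" status
    }'
}

# Day 18700 is a constructed "today" so the output is reproducible.
sample_shadow | audit_shadow 18700 90
```
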
/etc/login.defs
/etc/login.defs is a configuration file that relates to the user environment but is used completely in the
background. Some generic settings are defined in this configuration file. These settings determine all
kinds of information relating to the creation of users. In login.defs, you’ll find variables. These variables
specify the default values used when users are created. Listing 7.4 shows you part of this configuration
file.
How to identify if a user is created?
id <user_name>
To create a user with a home directory:
useradd -m username
To specify a shell:
useradd -s /bin/bash username
adduser Command (For Debian-based systems)
adduser username
This is an interactive command that asks for a password and additional details.
Managing Passwords
To access the system, a user needs a password. By default, login is denied for the users you create, and
passwords are not assigned automatically. Thus, your newly created users can’t do anything on the
server. To enable these users, assign passwords using the passwd command.
The passwd command is easy to use. A user can use it to change his password. If that happens, the
passwd command will first prompt for the old password and then for the new one. Some complexity
requirements, however, have to be met. This means, in essence, that the password cannot be a word that
is also in the dictionary.
The root user can change passwords as well. To set the password for a user, root can use passwd
followed by the name of the user whose password needs to be changed. For example, passwd linda
would change the password for user linda.
The user root can use the passwd command in three generic ways. First, you can use it for password
maintenance—to change a password, for example. Second, it can also be used to set password expiry
information, which dictates that a password will expire at a particular date. Lastly, the passwd command
can be used for account maintenance. For example, an administrator can use passwd to lock an account
so that login is disabled temporarily.
Managing User Passwords
To set or change a user’s password:
passwd username
Enforcing Password Policies
Password expiration: Set password expiry days
chage -M 90 username
Lock a user account
passwd -l username
Unlock a user account
passwd -u username
Modifying Users
Modify an existing user with usermod:
Another method to verify:
less /etc/group
Change the username:
usermod -l new_username old_username
Change the home directory:
usermod -d /new/home/directory -m username
Change the default shell:
usermod -s /bin/zsh username
Deleting Users
To remove a user but keep their home directory:
userdel username
To remove a user and their home directory:
userdel -r username
Other usermod options:
-m -d /home/newfolder (to move the content of home folder to this new folder)
-p (we can use passwd command also)
-s shell type
-L -U (Lock/Unlock a user)
Create a Folder for User shan and Assign Ownership
Example: Creating /data/shan
mkdir -p /data/shan
chown shan:shan /data/shan
chmod 700 /data/shan
● mkdir -p: creates the directory (and parent if needed)
● chown shan:shan: gives user shan ownership
● chmod 700: restricts access to the owner only
Group Membership
In any UNIX environment, a user can be a member of two different kinds of groups: the primary group and
all other groups. Every user must be a member of a primary group. If one user on your system does not have
a primary group setting, no one will be able to login, so membership in a primary group is vital. On a Red
Hat server, all users are by default a member of a group that has the same name as the user. This is done for
security reasons to make sure that no files are shared with other users by accident.
Users can be members of more than just the primary group, and they will automatically have access to the
rights granted to these other groups. The most important difference between a primary group and other
groups is that the primary group will automatically become the group owner of a new file that a user creates.
Unlike user accounts, group accounts always represent some sort of logical organization of users.
Working with Groups
Creating Groups
groupadd groupname
Verify
less /etc/group
Adding Users to Groups
usermod -aG groupname username
Viewing Group Memberships
groups username
How to see how many users have been created:
Changing Primary Group
usermod -g new_primary_group username
⚠️ Using -G without -a removes the user from all current secondary groups and replaces them with the
ones listed.
Syntax
usermod -G group1,group2 username
● Assigns the user to group1 and group2 as secondary groups.
● All previously assigned secondary groups will be removed.
Example
usermod -G developer,QA user3
● user3 will now belong to developer and QA as secondary groups.
● Any other secondary groups previously assigned to user3 will be removed.
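A pre-flight check for the -G behaviour described above, as an added example that is not part of the original practical. It reads a file in /etc/group format (group_name:password:GID:member_list) and lists the memberships that usermod -G would remove; the group names, GIDs, members and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: show which secondary groups "usermod -G" would drop.
# The group file below is constructed sample data, not a real /etc/group.

sample_group_file() {
cat <<'EOF'
wheel:x:10:user3,linda
developer:x:1001:user1,user3
QA:x:1002:user2
backup:x:1003:user3
user3:x:503:
EOF
}

# secondary_groups USER FILE: groups whose member list (field 4) names USER
secondary_groups() {
  awk -F: -v u="$1" '{ n = split($4, m, ",")
       for (i = 1; i <= n; i++) if (m[i] == u) print $1 }' "$2"
}

# dropped_by_G USER NEWLIST FILE: current memberships missing from NEWLIST
dropped_by_G() {
  awk -F: -v u="$1" -v keep="$2" '
    BEGIN { n = split(keep, k, ","); for (i = 1; i <= n; i++) kept[k[i]] = 1 }
    { n = split($4, m, ",")
      for (i = 1; i <= n; i++) if (m[i] == u && !($1 in kept)) print $1 }' "$3"
}

# preflight USER NEWLIST FILE: report, and return non-zero if -G loses groups
preflight() {
  lost=$(dropped_by_G "$1" "$2" "$3" | paste -sd, -)
  if [ -n "$lost" ]; then
    echo "usermod -G $2 $1 would remove $1 from: $lost"
    echo "to keep them, use: usermod -aG $2 $1"
    return 1
  fi
  echo "usermod -G $2 $1 removes no existing memberships"
}

demo_file=$(mktemp)
sample_group_file > "$demo_file"
# user3 is in wheel, developer and backup; -G developer,QA keeps only developer.
preflight user3 developer,QA "$demo_file" || true
```
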
How to Add Without Removing Existing Groups
Use -aG:
To change the default group
https://github.com/iam-veeramalla/ultimate-linux-guide/
Using Permissions and Advanced Permissions
● The Linux permission system was invented in the 1970s. Since computing needs
were limited in those years, the basic permission system created during that period
was a bit limited.
● For reasons of backward compatibility, this system is still in place today.
● This basic system consists of three permissions that can be applied to files and
directories.
Understanding read, write, and execute permissions
● The three basic permissions allow us to read, write, and execute files.
● The effect of these permissions is different when applied to files vs. directories. If
applied to a file, the read permission gives the right to open the file for reading.
● If applied to a directory, read allows the user to list the contents of that directory. The
read permission does not allow the user to read files in the directory. The Linux
permission system does not follow inheritance, and hence the only way to read a file is
by using the read permission on that file.
● When write permission is applied to a file, it allows the user to write to that file,
which means that the contents of existing files can be modified. It does not,
however, allow you to create or delete new files.
● To do that, write permission is needed on the directory where the file is to be created.
In directories, write permission also allows you to create and remove new subdirectories
and files.
● Execute permission is required to execute a file. It is never set by default,
which makes Linux almost completely immune to viruses.
● Users with administrative rights to a directory are able to apply the
execute permission. Typically, this would be the root user. However, a user who is owner
of the directory also has the right to change the permissions in that directory.
Applying read, write, and execute permissions
The chmod command is used to apply permissions. When using chmod, permissions for user, group, and others
can be set. This command can be used in two modes: relative and absolute. In absolute mode, three digits are
used to set the basic permissions, whereas in relative mode, letters are specified.
● When setting permissions, the value needs to be calculated. For example, to set read, write, and
execute for the user, read and execute for the group, and read and execute for others on the file
/myfile, the chmod command is used in the following way: chmod 755 /myfile.
● Here, in the number ‘755’ (from left to right), the first digit is for ‘user’, and since all
permissions are granted, it is 7 (read+write+execute = 4+2+1 = 7).
● Similarly, the next digit is for ‘group’, which has read and execute permission in the
example, and hence the number is 5 (read+execute = 4+1 = 5). The last digit is for others, which is
5 by the same logic.
● When chmod is used this way, all current permissions are replaced by the permissions set by the
owner.
● If the permissions are to be modified relative to the current permissions, chmod in relative mode
can be used. When using chmod in relative mode, three indicators are used to specify the actions.
● First, specify for whom the permissions must be changed. To do this, a choice is made between
user (u), group (g), and others (o). Next, an operator is used to add (+) or remove (-)
permissions.
● Finally, use r, w, and x to specify read, write, and execute permissions respectively. For
example, chmod +x myfile would add the execute permission for all users.
● In relative mode, more complex commands can be used as well. For instance, chmod g+w,o-r
myfile would add the write permission to the group and remove read for others.
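The difference between absolute and relative mode matters most when tightening permissions on files that already exist. The following added example, which is not part of the original practical, finds entries where others hold the write bit (value 2 in the last digit) and removes only that bit with relative mode, so the user and group bits stay as they were. The directory tree, file names and function names are constructed; stat -c is GNU coreutils syntax.

```shell
#!/bin/sh
# Added example: locate world-writable entries and strip only the "other" write bit.
# The tree below is constructed in a temporary directory for the demonstration.

build_tree() {
  d=$(mktemp -d)
  mkdir "$d/shared"
  touch "$d/report.txt" "$d/notes.txt" "$d/shared/run.sh"
  chmod 644 "$d/report.txt"      # rw-r--r--  4+2, 4, 4
  chmod 666 "$d/notes.txt"       # rw-rw-rw-  others can write
  chmod 777 "$d/shared"          # rwxrwxrwx  others can create and delete entries
  chmod 757 "$d/shared/run.sh"   # rwxr-xrwx  others can write
  echo "$d"
}

# Octal mode of one file, e.g. 755
mode_of() { stat -c '%a' "$1"; }

# Entries where the "other" write bit (octal 0002) is set
world_writable() { find "$1" -perm -0002 | sort; }

# Relative mode: o-w removes one bit and keeps everything else.
# An absolute "chmod 644" here would also strip execute from run.sh
# and make the shared directory impossible to enter.
fix_world_writable() {
  find "$1" -perm -0002 -exec chmod o-w {} +
}

tree=$(build_tree)
echo "world-writable before:"; world_writable "$tree"
fix_world_writable "$tree"
echo "modes after: notes.txt=$(mode_of "$tree/notes.txt")" \
     "shared=$(mode_of "$tree/shared")" \
     "run.sh=$(mode_of "$tree/shared/run.sh")"
```
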
Permission for all:
Permission for others
Or can try:
To remove the permission from others:
Second Method for the desired result:
Recursively updates the file permissions
-R will change permission of directory and files inside it
Numeric (Octal) Method:
Chmod (change mode):
Execute is also added; that is why 1 is added and 6 becomes 7
Remove the execution
To Remove the permission(NO Permission):
To give all the permission
MANAGE OWNERSHIP
Permissions are associated with ownership
CHOWN (changing owner)
Eg
Run:
For the group:
To give file ownership to another user
To give group ownership to another user
To see all the file and directory permissions available in your system