Linux 7&8

LINUX 7&8
WITH ANSIBLE AUTOMATION

REFRENCE CUM LAB MANUAL
By Musabuddin Syed
Redhat certified
VirtualPath Techno Solutions
E-Mail: info@virtualpathtech.com
Phone: +91 799 309 6092
website: www.virtualpathtech.com
website: www.musab.in
LINUX 6&7 COMPARITIVE STUDY GUIDE CUM LAB MANUAL:
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness
is implied
Dedicated to:
My parents, my friends and to my students, especially dedicated to my most loving
younger brother SHAKEEB, whom we’ve lost to Cancer
Our Address:
VirtualPath Techno Solutions:
Phone/WhatsApp :+91 799 309 609292

Email: info@virtualpathtech.com
http://www.virtualpathtech.com
Trademarks
The reader should recognize that the following terms, which appear in the content of this training
document, are official trademarks of Red Hat or other companies
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, is trademarks of Red Hat, Inc., registered
in the United States and other countries.
Linux ® is the registered trademark of Linus Torvalds in the United States and other countries.
XFS ® is a trademark of Silico n Graphics International Corp. or its subsidiaries in the United States
and/or other countries
FOREWORD
About the Author:
Musabuddin Syed is a highly acclaimed trainer, author and solutions provider. He regularly
trains students in in-house, online and corporate at VirtualPath Techno Solutions. He has an
experience of more than 10 years in industry and Training, where he has delivered more than
400 batches successfully in various technologies.
I’m Highly Indebted To:

Almighty God
My Family
KernelSphere Technologies
Mr. Vinod Kumar
Ms. Jyoti Singh
My Friends and Colleagues
Especially My Students, without whom this would not have been possible.
Musabuddin Syed
Words to the Students
Though we have taken utmost efforts to present you this book error free, but still it may contain
some errors or mistakes. Students are encouraged to bring, if there are any mistakes or errors
in this document to our notice. So that it may be rectified in the next edition of this document.
This document provides good information on every topic and lab practices. This could become
more effective if equally good practice is done. I urge the readers/students to do rigorous practice to
polish your skill sets.
You can reach us on the following email address
info@virtualpathtech.com
musab@virtualpathtech.com
musabsyd@gmail.com
Go through our website and blog

www.virtualpathtech.com
www.musab.in
OTHER COURSES AT
VIRTUALPATH
LINUX CLUSTERS
DEVOPS AWS
NETAPP &
OPENSTACK IBM &EMC SAN
NETAPP CLUSTER
ORACLE DBA, RAC IBM AIX, POWER

VMWARE
& GOLDEN GATE HA, LPAR VIO
SHELL SCRIPTING And Many More...
Table of Contents
1. Introduction to Linux …………………………………………………………………………………………….… 07-13
2. Basic Commands...…………………………...…………………………………………………………………….. 14-32
3. RHEL 8 Basic Installation ………………........…………………………………………………………………. 33-45
4. Managing File Systems and Partitions ……………………………………………………………………...46-61
5. Swap Spaces Management …………........…………………………………………………………………... 62-65
6. Logical Volume Management (LVM) ………………………………………………….………………….… 66-79
7. RHEL 8 LVM based Installation ................………………………………………….……………………. 80-82
8. User and Group Administration ………………………………………………………………………….….. 83-93
9. Controlling Access to the Files ........……………………………………………………..…………….…. 94-101
10. Enhanced User Security with SUDO ………………………………………………………..……………… 102-109
11. Network Configuration and Troubleshooting………….……………………………….…………….. 110-122
12. NIC Teaming …………………………………………………………………………………………………………. 123-128
13. Managing SELinux (Basics) ……………………….……………………………………………….…………. 129-138
14. Booting Procedure of RHEL7/8 and Troubleshooting …........................................... 139-147
15. Manage Installed Services ……………………………………………………….…………………………… 148-151
16. Introduction to Firewalld …………………………………………………………….………………………. 152-155
17. Introduction to Cokpit in RHEL8 …………………………………………………………….…………..… 156-158
18. Backup and Restore (tar&gzip) .…………………………………………………………………………… 159-161
19. Job Automation with Cronjobs ….……………………………………………………………………….. 162-167
20. Administrating Remote System ……………………………………………………………………………. 168-176
21. Software Management ………………………………………………………………………………………… 177-197
22. Managing Processes …………………………………….………..……………………………………………. 198-212
23. NFS (Network File System) Server ……………………………………………………………………..… 213-221
24. Samba Server ……………………………..……………………………………………………………………….. 222-229
25. DNS (Domain Name System) Server ……………………………………………………………………… 230-239
26. Mail Server …………………………………………..………………………..……………………………………. 240-244
27. Web Server (Apache) ……………………………………………………………………………………..……. 245-259
BONUS SERVERS & TOPICS FOR SELF-LEARNING

28. Squid Proxy Server ……………………………………………………………………………………………….. 261-267
29. DHCP Server …………………………………………………………………………………………………………. 268-273
ANSIBLE AUTOMATION......................................... 274
This page has been left blank intentionally
INTRODUCTION TO UNIX & LINUX
What is Operating System?

Operating system is an interface between user and the computer hardware. The hardware of the
computer cannot understand the human readable language as it works on binaries i.e. 0's and 1's. Also it
is very tough for humans to understand the binary language, in such case we need an interface which can
translate human language to hardware and vice-versa for effective communication.
Types of Operating System:

• Single User - Single Tasking Operating System
• Single User - Multitasking Operating System
• Multi User - Multitasking Operating System
Single User - Single Tasking Operating System

In this type of operating system only one user can log into system and can perform only one task at a time.
E.g.: MS-DOS
Single User - Multi tasking operating System

This type of O/S supports only one user to log into the system but a user can perform multiple tasks at a
time, browsing internet while playing songs etc.
E.g.: Windows -98, XP, vista, 7,8,10 etc.
Multi User - Multi Tasking Operating System

This type of O/S provides multiple users to log into the system and also each user can perform various
tasks at a time. In a broader term multiple users can logged in to system and share the resources of the
system at the same time.
E.g.: UNIX, LINUX etc.
Page 7 of 273
HISTORY OF UNIX
In the beginning, there was AT&T.
Bell Labs’ Ken Thompson developed UNIX in 1969 so he could play games on a scavenged DEC PDP-7. With
the help of Dennis Ritchie, the inventor of the “C” programing language, Ken rewrote UNIX entirely in “C”
so that it could be used on different computers. In 1974, the OS was licensed to universities for
educational purposes. Over the years, hundreds of people added and improved upon the system, and it
spread into the commercial world. Dozens of different UNIX “flavors” appeared, each with unique
qualities, yet still having enough similarities to the original AT&T version. All of the “flavors” were based
on either AT&T’s System V or Berkeley System Distribution (BSD) UNIX, or a hybrid of both.
During the late 1980’s there were several of commercial implementations of UNIX:
• Apple Computer’s A/UX
• AT&T’s System V Release 3
• Digital Equipment Corporation’s Ultrix and OSF/1 (renamed to DEC UNIX)
• Hewlett Packard’s HP-UX
• IBM’s AIX
• Lynx’s Real-Time UNIX
• NeXT’s NeXTStep
• Santa Cruz Operation’s SCO UNIX
• Silicon Graphics’ IRIX
• SUN Microsystems’ SUN OS and Solaris
• and dozens more.
The Open Standards Foundation is a UNIX industry organization designed to keep the various UNIX flavors
working together. They created operating systems guidelines called POSIX to encourage inter-operability
of applications from one flavor of UNIX to another. Portability of applications to different gave UNIX a
distinct advantage over its mainframe competition.
Then came the GUIs. Apple’s Macintosh operating system and Microsoft’s Windows operating
environment simplified computing tasks, and made computers more appealing to a larger number of
users. UNIX wizards enjoyed the power of the command line interface, but acknowledged the difficult
learning curve for new users. The Athena Project at MIT developed the X Windows Graphical User
Interface for UNIX computers. Also known as the X11 environment, corporations developed their own
“flavors” of the UNIX GUIs based on X11. Eventually, a GUI standard called Motif was generally accepted
by the corporations and academia.
During the late 1990’s Microsoft’s Windows NT operating system started encroaching into traditional
UNIX businesses such as banking and high-end graphics. Although not as reliable as UNIX, NT became
popular because of the lower learning curve and its similarities to Windows 95 and 98. Many traditional
UNIX companies, such as DEC and Silicon Graphics abandoned their OS for NT. Others, such as SUN,
focused their efforts on niche markets, such as the Internet.
Page 8 of 273
Linus Torvalds had a dream. He wanted to create the coolest operating system in the world that was
free for anyone to use and modify. Based on an obscure UNIX flavor called MINIX, Linus took the
source code and created his own flavor, called Linux. Using the power of the Internet, he distributed
copies of his OS all over the world, and fellow programmers improved upon his work. In 1999, with a
dozen versions of the OS and many GUIs to choose from, Linux is causing a UNIX revival. Knowing that
people are used to the Windows tools, Linux developers are making applications that combine the
best of Windows with the best of UNIX.
UNIX Principles
• Everything is a file:- UNIX system have many powerful utilities designed to create and
manipulate files. The UNIX security model is based around the security of files. By
treating everything as a file, you can secure access to hardware in the same way as
you secure access to a document.
• Configuration data stored in text: - Storing configuration in text allows an
administrator to move a configuration from one machine to another easily, provide
the ability to roll back a system configuration to a particular date and time.
• Small, Single-Purpose Programs: - UNIX provides many utilities.
• Avoid captive user interfaces:-
• Ability to chain programs together to perform complex tasks:- A core design feature
of UNIX is that output of one program can be the input for another. This gives the
user the flexibility to combine many small programs together to perform a larger,
more complex task.
GNU Project/ FSF
• GNU project started in 1984

a) Goal: Create ‘free’ UNIX clone
b) By 1990, nearly all required user space application created.

Example:-gcc, emacs, etc.
• Free Software Foundation

a) Non-Profit organization that manages the GNU project.
GPL – GNU (General Public License)
• primary license for open source software

• encourages free software
• All enhancements and changes to GPL software must also be GPL
• Often called ‘copy left’ (All rights reversed)
Page 9 of 273
Linux Origins
• LINUS TORVALDS
a) Finnish college student in 1991
b) Created Linux Kernel
• When Linux Kernel combined with GNU applications, complete free UNIX like OS was
developed.
Why Linux?
• Fresh implementation of UNIX APIs

• Open source development model
• Supports wide variety of hardware
• Supports many networking protocols and Configurations
• Fully supported
1) Linux is a UNIX like OS: Linux is a similar to UNIX as the various UNIX versions are to
each other.
2) Multi-User and Multi-tasking: Linux is a multi-user and multi-tasking operating
system. That means that more than one person can be logged on to the same Linux
computer at the same time. The same user could even be logged into their account
from two or more terminals at the same time; Linux is also Multi-Tasking. A user can
have more than one program executing at the same time.
3) Wide hardware support: Red Hat Linux support most pieces modern x86 compatible
PC hardware
4) Fully Supported: Red Hat Linux is a fully supported distribution Red Hat Inc. provides
many support programs for the smallest to the largest companies.
Page 10 of 273
ARCHITECTURE OF UNIX
The architecture of UNIX can be divided into three levels of functionality, as shown in Figure.
The lowest level is the kernel, which schedules tasks, manages resources, and controls
security. The next level is the shell, which acts as the user interface, interpreting user
commands and starting applications. The highest level is utilities, which provides utility
functions. In other words it is the USER level, as user is the one who operates those utilities.
Page 11 of 273
FILESYSTEM HIERARCHY
Linux uses single rooted, inverted tree like file system hierarchy
/ This is top level directory
It is parent directory for all other directories
It is called as ROOT directory
It is represented by forward slash (/)
C:\ of windows
/root it is home directory for root user (super user)

It provides working environment for root user
C:\Documents and Settings\Administrator
/home it is home directory for other users

It provide working environment for other users (other than root)
c:\Documents and Settings\username
/boot it contains bootable files for Linux

Like vmlinuz (kernel)..... ntoskrnl
Initrd (INITial Ram Disk)and
GRUB (GRand Unified Boot loader).... boot.ini, ntldr
/etc it contains all configuration files

Like /etc/passwd..... User info
/etc/resolv.conf... Preferred DNS
/etc/dhcpd.conf.... DHCP server
C:\windows\system32\dirvers\
/usr by default soft wares are installed in /usr directory

(UNIX Sharable Resources)
c:\program files
/opt It is optional directory for /usr

It contains third party softwares
c:\program files
/bin it contains commands used by all users

(Binary files)
/sbin it contains commands used by only Super User (root)

(Super user's binary files)
/dev it contains device files

Like /dev/hda ... for hard disk
/dev/cd rom ... for cd rom
Similar to device manager of windows
Page 12 of 273
/proc it contain process files
Its contents are not permanent, they keep changing
It is also called as Virtual Directory
Its file contain useful information used by OS
Like /proc/meminfo... information of RAM/SWAP
/proc/cpuinfo... information of CPU
/var it contains variable data like mails, log files
/tmp contains the temporary files for small period of time
/mnt it is default mount point for any partition

It is empty by default
/media it contains all of removable media like CD-ROM, pen drive
/lib it contains library files which are used by OS

It is similar to dll files of windows
Library files in Linux are SO (shared object) files
Page 13 of 273
UNIX BASIC COMMANDS
Creating, Removing, Copying, Moving files & Directories

Creating a file in Linux
Using cat command:
• cat (Concatenate) command is used to create a file and to display and modify the contents
of a file.
• To create a file
# cat > filename (say myfile)
Hello World
Ctrl+d (To save the file)
To display the content of the file

# cat filename (say myfile)
To append the data in the already existing file

# cat >> <filename>
# cat >> myfile
Ctrl+d (to exit back)
Creating multiple files at same time using touch command

#touch <filename> <filename> <filename>
#touch file1 file2 file3
Note: to check the files use # ls command
Page 14 of 273
Creating a Directory
#mkdir <dir name>
#mkdir mydir
Making multiple directories inside a directory
Let us make some directories according to the following architecture in one command.
World
India AUS USA
Hyd Bang Sydney Perth Tampa Nyc
#mkdir –p World/{India/{Hyd,Bang},AUS/{Sydney,Perth},USA/{Tampa,NYC}}
Check it by using tree command or ls –R command
Copying files into directory

#cp <source filename> <destination directory in which to paste the file>
#cp file1 mydir
Page 15 of 273
Copying directories from one location to other
# cp –rvfp <dir name> <destination name>
#cp –rvfp mydir2 mydir
Moving files from one location to other (cut and Paste)

#mv <filename> <Destination directory>
#mv myfile mydir
Moving a Directory from one location to other

#mv <dir name> <destination dir name>
#mv mydir mydir2
Renaming a File
#mv <old name> <new name>
#mv file1 newfile
Page 16 of 273
Renaming a Directory
• The procedure and command for renaming the directory is exactly same as renaming a
file.
#mv old name new name
#mv mydir newdir
Removing a File
#rm filename or #rm –f filename (without prompting)
Without prompting:
Removing an Empty directory

#rmdir dirname
Page 17 of 273
Removing a directory with files or directories inside
A dir which is having some contents inside it cannot be removed by rmdir command. There
are two ways to delete the directory with contents.
i. Remove the contents inside the directory and then run rmdir command
ii. Run #rm –rf dirname (where r stands for recursive and f stands for forcefully.
VIM EDITOR
VI Visual display editor
VIM Visual display editor improved
This is command mode editor for files. Other editors in Linux are emacs, nano, and gedit
vi editor is most popular
It has 3 modes:
1 Command Mode
2 Insert mode (edit mode)
3 extended command mode
Note: When you open the vim editor, it will be in the command mode by default.
In the command mode the cursor’s can be used as

h/l/k/j to move cursor left/right/up/down
Insert Mode:
i To begin insert mode at the cursor position
I To insert at the beginning of line
a To append to the next word’s letter
A To Append at the end of the line
o To insert a new line below the cursor position
O To insert a new line above the cursor position
Page 18 of 273
Command Mode:
gg To go to the beginning of the file
G To go to end of the file
w To move the cursor forward, word by word
b To move the cursor backward, word by word
nw To move the cursor forward to n words (5W)
nb To move the cursor backward to n words (5B)
u To undo last change (word)
U To undo the previous changes (entire line)
Ctrl+R To redo the changes
yy To copy a line
nyy To copy n lines (5yy or 4yy)
p To paste line below the cursor position
P To paste line above the cursor position
dw To delete the word letter by letter (like Backspace)
x To delete the world letter by letter (like DEL Key)
dd To delete entire line
ndd To delete n no. of lines from cursor position(5dd)
/ To search a word in the file
Extended Mode: (Colon Mode)

Extended Mode is used for save and quit or save without quit using “Esc” Key with “:”
Esc+:w To Save the changes

Esc+:q To quit (Without saving)
Esc+:wq To save and quit
Esc+:w! To save forcefully
Esc+wq! To save and quit forcefully
Esc+:x To save and quit
Esc+:X To give password to the file and remove password
Esc+:20(n) To go to line no 20 or n
Esc+: se nu To set the line numbers to the file
Esc+:se nonu To Remove the set line numbers
To open multiple files in vim editor

#vim –o file1 file2
To switch between files use Ctrl +w
Listing files and directories:

#ls list the file names
#ls -l long listing of the file
#ls –l filename to see the permissions of a particular file
#ls -al shows the files in ascending order of modification.
#ls p* All the files start with p.
Page 19 of 273
#ls ?ample Files with any first character and has ample
#ls -ld l* Directory listing only
#ls –ld directory name to see the permissions of a particular directory
#ls [ae]* First character of the filename must be a or e.
# ls [!ae]* ! Symbol complements the condition that follows. The characters must
not be a or e.
#ls [a-m][c-z][4-9] list all the files in specific range
Types of Files:
Symbol Type of File
- Normal file
d Directory
l Link file (shortcut)
b Block file (Harddisk, Floppy disk)
c Character file (Keyboard, Mouse)
Symbolic Link
There are two types of Links:-

Soft Link Hard link
Size of link file is equal to no. of Size of both file is same
1
characters in the name of original file
2 Can be created across the Partition Can't be created across the partition
inode no. of source and link file is inode no. of both file is same
3
different
if original file is deleted, link is broken If original file is deleted then also link
4
and data is lost will contain data
5 SHORTCUT FILE BACKUP FILE
Creating a soft link:

# ln –s <source file> <destination>
Page 20 of 273
Creating a Hard link:
#ln <source file> <Destination>
Regular Expressions, Pipelines & I/O Redirections

Grep:
Grep stands for Global Regular Expression Print. It is used to pick out the required expression
from the file and print the output. If grep is combined with another command it can be used
to pick out the selected word, phrase from the output of first command and print it.
Examples of Grep:
Let us pick the information about root from the file /etc/passwd (/etc/passwd contains
information about all the users present in the system)
#grep root /etc/passwd
To avoid case sensitivity of the word (i.e. the word may be uppercase of lowercase) use -i
#grep –i linux test (lets grep the word linux whether upper of lower case in the file test)
To display a word and 2 lines after the word:

#grep –nA2 wheel /etc/group
Page 21 of 273
To display a word and 2 lines after the word:
#grep -nB2 wheel /etc/group
To display the things except the given word

#grep –v world test
To display the searched word in color

#grep --color root /etc/passwd
Combining grep with other commands

# cat myfile | grep –i linux (pipe | is used to combine to commands)
#ls –l |grep –i myfile
# ifconfig |grep –i eth0
Like this we can combine grep with many commands which we will see in later chapters
Filter Commands:
• Filter commands are used to filter the output so that the required things can easily be
picked up. The commands which are used to filter the output are
#less
#more
#head
#tail
#sort
#cut
#sed
Page 22 of 273
• less:
The less command is used to see the output line wise or page wise.
Ex: less /etc/passwd
Note: -press Enter key to scroll down line by line (or)

Use d to go to next page
Use b to go to previous page
Use / to search for a word in the file
Use v to go vi mode where you can edit the file and once you save it you will back to
less command
more:
more is exactly same like less
Ex: #more /etc/passwd
Note: -press Enter key to scroll down line by line (or)
Use d to go to next page
Use / to search for a word in the file
Use v to go vi mode where you can edit the file and once you save it you will back to
more command
head:
It is used to display the top 10 lines of the file.
Ex:# head /etc/passwd
Page 23 of 273
To display the custom lines
#head -n /etc/passwd (where n can be any number)
tail:
It is used to display the last 10 lines of the file
#tail /etc/passwd
To display the custom lines

#tail -n /etc/passwd (where n can be any number)
Sort:
It is used to sort the output in numeric or alphabetic order
#sort filename
Page 24 of 273
To sort the file according to numbers
#sort –d test or #sort –h test
To remove the duplicate entries from the output

#sort –u test
cut command:
The cut command is used to pick the given expression (in columns) and display the output.
# cut -d -f filename (where d stands for delimiter ex. : , “ “ etc and f stands for field)
To delimit spaces and print the field

#cut –d “ “ –f1 filename
Page 25 of 273
To delimit commas and print the field
#cut –d, -f1 filename
sed command:
sed stands for stream editor, which is used to search a word in the file and replace it with
the word required to be in the output
Note: it will only modify the output, but there will be no change in the original file.
#sed ‘s/searchfor/replacewith/g’ filename
I/O Redirection:
Redirection is a process where we can copy the output of any command(s), file(s) into a new
file. There are two ways of redirecting the output into a file.
Using > or >> filename after the command, and
Using tee command
Let’s see the > and >> option first

Syn: command > new file
Note: if the given name of the file is not available a new file will be created automatically.
If the file already exists then it will overwrite contents of that file.
Page 26 of 273
Appending another output in same the same file
Likewise there are many options where we can use redirections

Ex:
Copying contents of two files in a new file
#cat file1 file2 > file3
Using tee command:
The above options of redirections will not display any output, but directly save the output
in a file. Using tee command will not only redirect the output to new file but it will also
display the output.
Syn: cat <filename> | tee <new file name>
Note: if the given name of the file (newfile) is not available a new file will be created
automatically. If the file already exists then it will overwrite contents of the file.
#cat file2 |tee file3
Appending data in the same file using tee command

Syn: cat filename |tee –a filename2
#cat test | tee –a file2
Page 27 of 273
Find command:
find command is used to find the files or directory’s path, it is exactly like the find option in
windows where you can search for a file.
Syntax: find / (under root) –option filename
Options that can be used with find command:
Option Usage
-name For searching a file with its name
-inum For searching a file with particular inode number
-type For searching a particular type of file
-user For files whose owner is a particular user
-group For files belonging to particular group
Finding a File with name

#find / -name newfile
Finding a file with its inode number

#find / -inum 1445159
Finding the files, whose owner is a user called “ktuser”

#find / -user myuser
Page 28 of 273
Finding the files whose group is “myuser”
#find / -group myuser
File Permissions:
Permissions are applied on three levels:
• Owner or User level
• Group level
• Others level
Access modes are of three types:

• r read only
• w write/edit/delete/append
• x execute/run a command
Access modes are different on file and directory:
Permissions Files Directory

r Open the file 'ls'/list the contents of directory
Write, edit, append, delete Add/Del/Rename contents of
w
file directory
To run a command/shell
x To enter into directory using 'cd'
script
Filetype+permission, links, owner, group name of owner, size in bytes, date of modification,
file name
Permission can be set on any file/dir by two methods:

1 Symbolic method (ugo)
2 Absolute methods (numbers)
Page 29 of 273
1 Symbolic method (ugo):
• Symbolic mode: General form of symbolic mode is:
# chmod [who] [+/-/=] [permissions] file
who  To whom the permissions to be assigned
User/owner (u); group (g); others (o)
Example:
Assigning different permissions to the file (user=rwx, group=rw and others=r)
#chmod u=rwx,g=rw,o=r myfile (where myfile is the name of the file)
Assigning full permission to the file i.e. rwx to all

#chmod ugo=rwx <file name>
Likewise you can add or remove permissions from any file for anyone (user group or
other)
• #chmod u+x myfile (Adding execute permission to user only)

• #chmod go-wx myfile (Removing write and execute permissions from group and other)
• #chmod go+wx myfile (Adding write and execute permissions from group and other)
• #chmod go=r myfile (Giving only read permission to group and other)
2 Absolute Method (numbers)

In Absolute method we use numbers instead of using symbols i.e.
• Read=4
• Write=2
• Execute=1
Assigning different permissions to the file (user=rwx, group=rw and others=r)

#chmod 764 myfile (where 7 means rwx i.e. 4+2+1, rw=6 i.e. 4+2 and 1 indicates x)
Page 30 of 273
Assigning full permission to the file i.e. rwx to all
#chmod 777 myfile
Likewise you can give different permissions according to your requirement
Removing all permissions from others

#chmod 770 myfile (where 0 indicates no permissions)
Note: All the above permissions and procedure is same for files and directories.
Umask:
When we create any file using touch, cat or vi commands they get created with default file
permissions as stored in umask (User file creation mask).umask is a 4 digit octal number
which tells Unix which of the three permissions are to be denied rather than granted. Umask
will decide that what should be the default permissions for a file and directory when it is
created.
The default umask value is 0022

#umask
Calculation of default permissions for file and directory, basing upon the umask value
Note: For a file by default it cannot have the execute permission, so the maximum full
permission for a file at the time of creation can be 666 (i.e. 777 -111 = 666), whereas a
directory can have full permissions i.e. 777
• The full permission for the file 666

• Minus the umask value - 022
• The default permission for file is 644 (rw-,r--,r--)
• The full permission for the directory 777

• Minus the umask value - 022
• The default permission for file is 755 (rwx, r-x, r-x)
Page 31 of 273
Modifying the umask value:
#umask 002
The Modified default Permission for a file will be 666-002=664 i.e. rw,rw,r, and for the
directory it will be 777-002=775 i.e. rwx,rwx,r-x.
Note: Create a file and a directory and check for the default permissions.
Visit www.musab.in for all basics video tutorial by Musab Syed

These were the few things amongst the basics; keep working to furnish your basics. After
All, “if the foundation is good then only the building can stand still”
Page 32 of 273
RHEL 8 BASIC INSTALLATION
Minimum and Recommended Requirements to install RHEL7/8
MINIMUM RECOMMENDED
Intel/AMD Dual core processor Intel/AMD Quad Core Processor
4GB RAM 16GB RAM
25GB HARD DISK SPACE 50GB HARD DISK SPACE
Note: RHEL7/8 comes only in 64 bit version
Minimum Partition creation and sizes for basic installation
Partitions Sizes
/ {root) 20-30 GB APPROX
/boot 1 GB
SWAP Twice of RAM approx
Installing RHEL7/8 with above specification
• Enter into BIOS setting and make CD/DVD Drive as first boot device
• Make sure that VT {Virtual Technology) is enabled for RHEL7-64 bit systems
• Insert the RHEL 7 CD/DVD into CD/DVD drive and boot the system
• If booted from CD/DVD Rom the following screen will be displayed
Page 33 of 273
• Move the cursor to install Red Hat Enterprise linux 8.x, hit Enter
• Select the Language and Country for time zone, language and currency
Page 34 of 273
• Select date and time to make time zone selection
• Make the selection as per your country and click on done
Page 35 of 273
• Select Software Selection for selecting software to install during installation
• Select appropriate environment for installation and click on done
Page 36 of 273
• Click on INSTALLATION DESTINATION for partitioning layout
• Select the Disk which you want to use for installation, Select Custom, for manual
partitioning and click on Done.
Page 37 of 273
• Select the style of partitioning type preferable
• Click on +/- button for adding /removing partitions
Page 38 of 273
• Select / for root partition and assign required size in KB, MB, GB
• Select the second partition as /boot
Page 39 of 273
• Finally, select swap and give the size
• Verify the partitions and make changes if required and click on Done
Page 40 of 273
• Accept the changes for continue
• Click on KDUMP to enable/disable kernel crash dump mechanism.
Page 41 of 273
• Click on Network&Hostname to set IP address, which can skipped and set later also.
Page 42 of 273
• Click on root password to assing admin level password for root user
• Click on User creation to create an additional normal user
Page 43 of 273
• Finally, Click on Begin Installation to start the installation
• Once the installation is completed, reboot the machine while clicking on Reboot
Page 44 of 273
• After booting first time, click on LICENSE INFORMATION to see and accept the
license agreement.
• Read and Accept the EUL Agreement and click on done
• If you have subscription, register your machine with Redhat Network for updates
and support.
• If you want to skip registration, click on FINISH CONFIGURATION
Page 45 of 273
MANAGING PARTITIONS & FILE SYSTEMS
What is a partition?
Partitioning is a means to divide a single hard drive into many logical drives. A partition is a
contiguous set of blocks on a drive that are treated as an independent disk. A partition table
is an index that relates sections of the hard drive to partitions.
Why have multiple partitions?
• Encapsulate your data. Since file system corruption is local to a partition, you stand to lose
only some of your data if an accident occurs.
• Increase disk space efficiency. You can format partitions with varying block sizes, depending
on your usage. If your data is in a large number of small files (less than 1k) and your partition
uses 4k sized blocks, you are wasting 3k for every file. In general, you waste on average one
half of a block for every file, so matching block size to the average size of your files is important
if you have many files.
• Limit data growth. Runaway processes or maniacal users can consume so much disk space
that the operating system no longer has room on the hard drive for its bookkeeping
operations. This will lead to disaster. By segregating space, you ensure that things other than
the operating system die when allocated disk space is exhausted.
Disk Partitioning Criteria:
G F
P P P P P R
E
T
E
MBR = MASTER BOOT RECORD GPT = GUID PARTITION TABLE

P= PRIMARY PARTITION P= PARTITION
EXTENDED= EXTENDED PARTITION FREE= FREE SPACE
L= LOGICAL PARTITION
FREE= FREE SPACE
Page 46 of 273
The Structure of Disk Partition
• On the disk where O/S is installed, will have the first partition as MBR/GPT.
• MBR is a Master Boot Record, which contains two important utilities, IPL (Initial
Program Loader) and PTI (Partition Table information). Which supports up to 2TB of
disk size
• GPT is GUID Partition Table, which also contains IPL as well as PTI, supports up to 2
Zettabyte (1024 EB (Exabyte)=1 ZB (zettabyte) ).
• IPL is responsible for booting the operating the system, because it contains the boot
loader.
• In earlier versions of Linux i.e. up to RHEL 4, the default boot loader was LILO (Linux
Loader). But, since RHEL5 onwards it has been changed to GRub (Grand Unified Boot
loader), which is far more superior to LILO. In RHEL 7 GRub2 has been introduced.
• The PTI (Partition Table information) is the information about the number of partitions
on the disk, sizes of the partition and types of partitions.
THE CRITERIA OF DISK PARTITIONING IN MBR:
• Every disk can have only 4 Primary Partitions (3 Primary + 1 Extended).

• Primary Partition is a partition which usually holds the operating system.
• Extended Partition is a special type of primary partition which can be subdivided
into multiple logical partitions. As there can be only 3 primary partitions per disk,
and if the user is required to make further partitions then all the space remaining
on the disk should be allocated to extended partition, which can be used to create
the logical partitions later. There can be only one extended partition per disk.
• With the help of extended partition, you can create up to 60 partitions, but
with scsi disk, you can create max up to 16 max no. of partitions
• Logical partitions are the partitions which are created under extended partition, all
the space in the extended partition can be used to create any number of logical
partitions.
THE CRITERIA OF DISK PARTITIONING IN GPT:

• It supports up to 128 partitions per disk
Disk Identification:
Different type of disks will be having different initials in Linux
• IDE drive will be shown as /dev/hd (ex: hda, hdb, hdc)

• SCSI, SATA etc., drive will be shown as /dev/sd (ex: sda, sdb, sdc)
FILE SYSTEM:
• It is method of storing the data in an organized fashion on the disk. Every partition on
the disk except MBR and Extended partition should be assigned with some file system
in order to make them store the data. File system is applied on the partition by
formatting it with a particular type of file system.
Page 47 of 273
Types of file systems supported in RHEL 6,7 & 8:
• The file systems supported in Linux are ext2, ext3 ext4, vfat xfs in RHEL 6, 7&8 etc.
• Ext/xfs file system is the widely used file system in Linux, whereas vfat is the file
system to maintain a common storage between Linux and windows ( in case of
multiple o/s)
S.NO EXT2 EXT3 EXT4 XFS
1. Stands for Stands for Third Stands for Fourth Xtents File system/
Second Extended Extended File Extended File X File System
File System System System
2. It was introduced It was It was introduced in It was introduced in
in 1993 introduced in 2008. 1993.
2001
3. Does not have Supports Supports Journaling Supports Journaling
journaling Journaling Feature. Feature.
feature. Feature.
4. Maximum File Maximum File Maximum File Size Maximum File Size
size can be from Size can be from can be from 16 GB can be from 16TB
16 GB to 2 TB 16 GB to 2 TB to 16 TB to 8 EB
5. Maximum ext2 Maximum ext3 Maximum ext4 file Maximum xfs file
file system size file system size system size is 1 EB system size is 16 EB
can be from 2 TB can be from 2 TB (Exabyte). 1 EB = (Exabyte). 1 EB =
to 32 TB to 32 TB 1024 PB (Petabyte). 1024 PB (Petabyte).
1 PB = 1024 TB 1 PB = 1024 TB
(Terabyte). (Terabyte).
6. Cannot convert You can convert All previous ext file N/A
ext file system to an ext2 file systems can easily
ext2. system to ext3 be converted into
file system ext4 file system.
directly (without You can also mount
backup/restore). an existing ext3 f/s
as ext4 f/s (without
having to upgrade
it).
MOUNTING:-
PARTITION
sdax DIRECTORY
Page 48 of 273
• It is a method of attaching a directory to the file system in order to access the partition
and its file system is known as mounting.
• The mount point is the directory (usually an empty one) in the currently accessible file
system to which an additional file system is mounted.
• The /mnt directory exists by default on all Unix-like systems. It, or usually its
subdirectories (such as /mnt/floppy and /mnt/usb), are intended specifically for use
as mount points for removable media such as CDROMs, USB key drives and floppy
disks.
Files which is related to mounting in Linux:
• /etc/mtab is a file which stores the information of all the currently mounted file
systems; it is dynamic and keeps changing.
• /etc/fstab is the file which is keeps information about the permanent mount point. If
you want to make your mount point permanent, so that it will be mounted even after
reboot, then you need to make an appropriate entry in this file.
LAB WORK:-
To view the existing partitions (RHEL6)

#fdisk –l or parted –l
Note: Observe in the above picture that the device name is /dev/sda .
Page 49 of 273
To view the existing partitions (RHEL7/8)
#fdisk –l or parted –l
Partition Administration using fdisk

To enter into disk utility, the syntax is
#fdisk <disk name>
#fdisk /dev/sda
• Use m to list out various options that can be used in fdisk.
Page 50 of 273
Creating a new partition
#fdisk /dev/sda
• Use p to list out the partition information first and
• Use n to create a new partition.
Now use n to create a new partition and verify it again with p.
Page 51 of 273
Deleting a partition
Let’s delete the partition we’ve created above i.e. /dev/sda7
• Use d to delete a partition and specify the device name, in our case it is 7.
Note: Never delete the system partitions i.e. 1-3
Saving the partition changes

Every time you make a partition or delete a partition, the changes made has to be saved using
w, otherwise the creation and deletion will not be considered to be happen. For practice
purpose you can make any no. of partition and delete it and just quit using q so that it will not
be saved.
Updating the partition table without restarting the system

After creating or deleting a partition the changes will be effected in the partition table only
after the restart of the system. But there is a way to avoid this circumstance. We can use
partprobe or partx command to update the partition information without restarting the
system. Note: in RHEL8 it is not needed to manually update, as it gets update by default.
#partprobe /dev/sda
Or
#partx –a /dev/sda(while adding), #partx –d /dev/sda(while deleting)
Or
#kpartx /dev/sda
Note: In RHEL6 partprobe is not functioning properly, so it is recommended to use partx, whereas in
RHEL7 it is functioning perfectly.
• Read the following file to check status of partition table
• #cat /proc/partitions
RHEL6 RHEL7
Page 52 of 273
“Now then we have learnt creating a partition. Let’s see how to format a partition with a
particular file system”
Formatting a partition with ext4 filesystem in rhel6, 7 or 8
After creating a partition we need to assign some file system to it so that we can start storing
the data into it. To format a partition the following syntax is used.
# mkfs.<file system type> <partition name>

#mkfs.ext4 /dev/sda7 (where sda7 is our newly created partition)
• Likewise you can format the different partitions with different file systems like
• #mkfs.ext3 /dev/sdax
• #mkfs.vfat /dev/sdax
Formatting a partition with xfs in rhel7

#mkfs.xfs /dev/sda5
Note: Even after formatting the partition, we cannot add the data into the partition. In
order to add the data in the partition it is required to be mounted.
Page 53 of 273
Mounting a partition
Mounting is a procedure where we attach a directory to the file system. There are two types
of mounting which will be used in Linux or any UNIX.
• Temporary Mounting
• Permanent Mounting
Temporary Mounting
In a temporary mount point we will create a directory and mount it, but this mount point will
last only till the system is up, once it is rebooted the mounting will be lost.
Syntax:
#mount <device name> <directory name (mount point)>
#mount /dev/sda5 /mnpt
To View all the mounted partitions

#mount
ext4
xfs
• Now we have successfully mounted the partition we can access it and can store the
data
• To add the data access the mount point
• #cd /mnpt. Now, add the data and exit the directory
Unmounting a partition
#umount <mount point directory>
#umount /mnpt
Verify it with mount command.
Page 54 of 273
Permanent Mounting
Permanent mounting procedure is exactly same like temp mounting, but here we will update
the /etc/fstab file with the mounting details, so that it will be mounted even after the system
is reboot.
Steps To make a permanent mount point:
• Make a directory or use an existing directory
• Add entry in /etc/fstab file
• Use mount –a command to check it is mounting. (mount –a will mount all the entry
placed in /etc/fstab)
Here we will be using our existing /kernel directory as mount point which is created
previously.
#vim /etc/fstab
Device Name Mount Point Type of FS Dumping

Mount options
Check Sequence(fsck)
Note: For xfs, you can put xfs in place ext4
#mount –a
You can now access the directory and add, delete or modify the contents and can also
unmount the file system at any point
Mounting a partition permanently with its block id (UUID)
• To check the uuid of a partition use blkid /dev/sda7 command.

• Copy the uuid
• Make an entry in /etc/fstab using UUID
• Verify it with mount –a option
Page 55 of 273
#vim /etc/fstab
Now mount it with mount –a command and verify it with mount command
Sometimes a directory reflects error while unmouting, the possible causes for it are
• You are in the same directory and trying to unmount it. Check with pwd command
• Some users are present in the directory and using the contents in it.
• Check with fuser –cu /mnpt or /dev/sda5 and lsof /mnpt or /dev/sda6
• Kill the open connections using fuser –ck /mnpt, you could also try umount -l (lazy
unmount)
• Now you can use umount command to unmount the file system.
To view the usage information of mounted partition:

To view the usage information of mounted partition use the command df –h
#df –h,
To view the size of a file or directory

To view the size of the file or directory uses the command du –h file or directory name.
To see more details about partition, FS and uuid of the partition

Also see #lsblk –l , #lsblk –s, #lsblk –Fs
Page 56 of 273
PARTITIONING WITH PARTED COMMAND
In order to partitions in Linux we generally use fdisk command. The concept of

fdisk is to work within the utility. What if one wants to create partitions directly
with command line or script?
The answer is parted command, which allow us to create, remove or modifiy

partitions either within utility or directly on command line.
Let’s learn the way to work with parted utility and (or) command line.
To list the disk and partitions

#parted –l
Creating the partition with parted utility

#parted <disk path>
#parted /dev/sda
Page 57 of 273
Getting help in parted utility
Printing the partitions
Adding a new partition
Note: In the above example, we created 500MB partition.
Page 58 of 273
Print and confirm the partition
#print (or) p
Removing the partition
Creating a new partition table MBR/GPT on a new disk
Note: msdos for MBR & gpt for GPT partition table
Page 59 of 273
Creating 500MB partition directly with parted command
#parted <disk path> mkpart <partition number> <start val> <end value>
#parted /dev/sdb mkpart 1 1 500MB
Removing/deleting a partition using parted command

#parted <disk path> rm <partition number>
#parted /dev/sdb rm 1
Page 60 of 273
Creating a Primary/Extended/Logical partition in MBR/msdos table disk
#parted <disk path> mkpart <type of partition (primary/extended/logical)
<Start val> <end val>
#parted /dev/sda mkpart logical 22.5GB 23GB
Page 61 of 273
SWAP SPACES MANAGEMENT
Swap space in Linux is used when the amount of physical memory (RAM) is full. If the system
needs more memory resources and the RAM is full, inactive pages in memory are moved to
the swap space. While swap space can help machines with a small amount of RAM, it should
not be considered a replacement for more RAM. Swap space is located on hard drives, which
have a slower access time than physical memory.
Recommended System Swap Space

Amount of RAM in the System Recommended Amount of Swap Space
4GB of RAM or less a minimum of 2GB of swap space

4GB to 16GB of RAM a minimum of 4GB of swap space
512GB TO 1TB of RAM a minimum of 64 GB of swap space
The Basic Rule for the Size of SWAP:

Apart from the above recommendation a basic rule is applied to create the swap partitions
• if the size of the RAM is less than or equal to 2GB, then size of SWAP=2 X RAM
SIZE
• If the size of the RAM is more than 2GB, then size of SWAP= 2GB + size of the RAM
Swap space is compulsory to be created at the time of installation. But, additional swap spaces
can be created and deleted at any point of time, when it is required. Sometimes we need to
increase the swap space, so we create additional swap spaces which will be added to the
existing swap space to increase the size.
Page 62 of 273
Commands to be used in maintaining Swap spaces
• To see the memory size and the swap space size

#free –m, #free -h
• To see the swap usage use

#swapon –s
• To format the partition with swap file system use

#mkswap <parititon name>
• To activate the swap space use

#swapon <partition name>
• To deactivate the swap space use

#swapoff <partition name>
Creating a Swap partion
• Create a normal partition using fdisk and change hex code to make it swap partition.
• The hex code for SWAP is 82. (To change the use t in fdisk and list all the hex code use l)
• Update the partition table using partprobe command
Page 63 of 273
Format the partition with swap file system
#mkswap /dev/sda6
Turn on the newly created swap space and verify it.

• To turn on the swap space the syntax is
#swapon /dev/sda6
Making the Newly Created SWAP Partition to be activated after reboot

• In order to make the swap partition mount automatic after reboot, we need to make an
entry in /etc/fstab file.
#vim /etc/fstab
Note: In place of device name (sda6) blkid can also be used
• To Test auto activation of swap after putting entries in fstab use the following command
#swapon –a (It works the same way how mount –a would work)
Removing the SWAP Partition

• Deactivate the swap partition
#swapoff <device name>
• Remove the entry from /etc/fstab.
• Delete the partition through fdisk
Page 64 of 273
Using File as a Swap Space:
At times it is seen that disks may run out ot space and a partition may not be created to add a new
swap space. In this situation a file can also be used as a swap space.
Steps to Create File as a swap space.
Step1: Create a file with required size like 1G for example, using dd command
#dd if=/dev/urandom of=/swap-file bs=1M count=1024
Step2: Change the permission of the file to 600
Step3: Format the file with swap file system

#mkswap –f /swap-file
Step4: Activate the swap file

#swapon /swap-file
Step5: Make it permanent by adding entry in /etc/fstab
Page 65 of 273
Logical Volume Management
The Linux Logical Volume Manager (LVM) is a mechanism to virtualize the disks. It can create
"virtual" disk partitions out of one or more physical hard drives, allowing you to grow, shrink,
or move those partitions from drive to drive as your needs change. It also allows you to create
larger partitions than you could achieve with a single drive. Traditional uses of LVM have
included databases and company file servers, but even home users may want large partitions
for music or video collections, or for storing online backups. LVM can also be convenient ways
to gain redundancy without sacrificing flexibility.
A typical example for the need of LVM can be, assuming that we are having a disk of size 2GB
and we start adding the data in the form of a single file, eventually it grows to the size of 2GB.
In this case the possibility is, you go for another disk which is larger than 2GB, let’s say 4GB.
But what if the file again grows more than 4GB? How far you will be migrating file from one
disk to another so on and so forth? It requires a down time as well which is not possible in
real time, so to avoid these circumstances we implement LVM and store data in LV’s whose
size can be easily increased whenever required without a downtime.
The Basic structure of LVM
Above picture shows the structure of LVM. LVM consists of Physical Volumes, Volume Group,
Logical Volumes and finally file systems. The Physical partitions are known as Physical
Extents (PE), and the logical partitions are known as logical Extents (LE)
Page 66 of 273
Components of LVM in Linux:
• Physical Volumes (PV)
• Physical Extent (PE)
• Volume Group (VG)
• Logical Volume (LV)
• Logical Extent (LE)
Physical Volume (PV)

It is the standard partition that you add to the LVM. Normally, a physical volume is a standard
primary or logical partition with the hex code 8e.
Physical Extent (PE)

It is a chunk of disk space. Every PV is divided into a number of equal sized PEs.
Volume Group (VG)

It is composed of a group of PV’s and LV’s. It is the organizational group for LVM.
Logical Volume (LV)

It is composed of a group of LEs. You can format and mount any file system on an LV. The size
of these LV’s can easily be increased or decreased as per the requirement.
Logical Extent (LE)

It is also a chunk of disk space. Every LE is mapped to a specific PE.
LVM Command Function
pvs Displays all the physical volumes

vgs Displays all volume groups in the system
Lvs Displays all the logical volumes in the system
pvdisplay Displays detailed information on physical volumes
vgdisplay Displays detailed information on volume groups
lvdisplay Displays detailed information on logical volumes
pvcreate Create a new physical volume
vgcreate Create a new volume group.
lvcreate Creates a new logical volume
vgextend Add a new physical disk to a volume group.
vgreduce Reduces a volume group by removing a PV from it.
lvextend Extends the size of a logical volume
lvreduce Reduces the size a logical volume
lvresize Resizes a logical volume, i.e., increase as well as decrease the size
pvmove Moves the contents of a PV from one PV to another
lvremove Removes /Deletes a logical volume
vgremove Removes /Deletes a volume group
pvremove Removes/Deletes a PV
Page 67 of 273
LAB WORK:-
Creating a Physical Volume (PV)

• Create a partition using fdisk, and change the hex code of it to 8e.
• Save and exit the fdisk and update the partition table using partx –a command
• Create a PV on newly created partition i.e. /dev/sda7.

• Verify it by pvs or pvdisplay command
• Syn: #pvcreate <partition name>
#pvcreate /dev/sda7
• The above command will list all the PVs in the system, if you want to see the details only
for a particular PV, then use
#pvdisplay <partition name> i.e. #pvdisplay /dev/sda7
Page 68 of 273
Creating a Volume Group (VG)
• After creating a PV, the next step is to create a Volume Group or VG
• To create a VG the syntax is
#vgcreate <name for the VG> <PV name>
#vgcreate myvg /dev/sda7
• Verify it by using the following command

#vgs or #vgdisplay <vgname>
• To check all the VGs detail you can also use the command
#vgdisplay
• It will list out all the VGs in the system in detail.
Page 69 of 273
Logical Volume Creation
• Once we are ready with a Volume Group then it’s the time to create a Logical Volume LV
• The syntax for creating an LV is
• #lvcreate –L <size of LV> -n <name for LV> <VG name>
• #lvcreate –L 300M –n mylv myvg (To create a LV of 300MB)
• Verify the LV by using the following commands

• #lvs or #lvdisplay to display all the LVs available in the system
• #lvdisplay <VG name> to display the LVs of a particular Volume Group
• #lvdisplay myvg
• Note: The output for only lvdisplay command is very lengthy to show, it is recommended
that you run the command on the system and check it out. The syntax is given above.
Page 70 of 273
Adding File system to the LV and Mounting it.
• As per now we have our VG created so is our LV. In order make it accessible we need to
format it with a file system like ext4 or xfs
• The syntax for formatting an LV is exactly like formatting a normal partition, Instead of
/dev/partition name we use the path of LV that will be something like /dev/vg/lv
• #mkfs.ext4 /dev/myvg/mylv or #mkfs.xfs /dev/myvg/mylv
Mounting:
• Mounting an LV is exactly same like a normal partition, again the path for mounting will
be /dev/vg/lv
• Create a directory over which the LV should be mounted.
• #mount </dev/vgname/lvname> /directory name
• #mount /dev/myvg/mylv /mydir
• Verify the mounting with mount command
• Make it a permanent mount by making an entry in /etc/fstab
#vim /etc/fstab
• Now you can access it and add the data as usual.
Page 71 of 273
Extending a Volume Group
• Extending a volume group is actually adding a new PV to the volume group.
• To extend a volume group we need to create a new partition using fdisk. Don’t forget to
change its hex code to 8e and update the partition table using partprobe command
• Create a PV on the newly created partition using pvcreate command
• Add the partition to the VG using vgextend command, the syntax for it is
• #vgextend <VG name> <PV name>
• #vgextend myvg /dev/sda8
• Verify it pvs command
Increasing the size of a logical volume

• Sometimes the file system size may be full, so we need to increase the size of the LV to
continue adding the data in it.
• The size of LV can be increased online, no downtime is required.
• Check the current size of the LV by using #df –h command.
• Increase the size of the LV by using lvextend or lvresize command, the syntax for it is
• #lvextend –L <+addition size> </dev/vg/lv name> (syntax for lvresize is also same)
• #lvextend –L +200M /dev/myvg/mylv
• Update the file system by using resize2fs command in case of ext filesystem and use
xfs_growfs in case of xfs filesystem
• #resize2fs /dev/vg/lv name, #xfs_growfs /dev/vg/lv
• #resize2fs /dev/myvg/mylv , #xfs_growfs /dev/myvg/mylv
• Verify the change by using df –h command
Page 72 of 273
• Increasing the size of the LV and updating the file system
For xfs Filesystem For ext Filesystems
• Verify it by df –h
Reducing the size of the LV

• Reducing the size of an LV is a bit complicated task, there are few things which you need
to keep in mind before reducing the size of an LV.
• LV size cannot be reduced online, it requires a down time i.e. unmounting the file
system.
• Check the consistency of the File system.
• Update the file system about the size. I.e. what its size will be after reduction.
• Finally reduce the size. Huh….! Lots of things to do!!!!
• If any of the above things are missed then it will be a mess, you may corrupt the file
system and LV.
Let’s start the steps carefully
• Check the size of the lv using df –h command
• Unmount the LV using umount command
• Check the consistency of file system by using e2fsck command
• #e2fsck -f /dev/myvg/mylv.
• Update the file system by using resize2fs command
• #resize2fs /dev/myvg/mylv 300M (where 300M is the approximate total size of LV
after reduction)
Page 73 of 273
• Now reduce the size by using # lvreduce -L -200M /dev/myvg/mylv command
• We know the size of LV is around 500MB, from previous picture in case of extending
the size of LV.
• Or else you can run df –h and verify it again.
• Umount the LV by using umount command
• Check the consistency of the file system.
• Update the file system about the size after reduction
• Finally reduce the size of the LV using lvreduce command. It will prompt you about the
change type y to continue with reduction.
• Mount the LV and run the command df-h, to verify the change in the size of LV
• #mount –a ( if an entry is passed in /etc/fstab use this command), else do manual
mounting as shown below
• #df –h
Note: xfs filesystem does not support file system reduction
Page 74 of 273
Moving or Migrating the data from one pv to another.
• There might be a situation where the PV might be failing and it is required to be
replaced, in such case, we need to migrate or move the data from such PV to the other
and isolate the PV.
• The Steps to migrate the PV are
• Access the mount point of failing PV and check the data in it,
• Verify the size of the PV by pvs command or pvdisplay command.
• Unmount the file system on that PV (optional)
• Add new PV, which should be of the same size or higher than that of the
replacing PV to the volume group.
• Migrate the PVs contents to the new PV using following command
• #pvmove <Old PV> <New PV>
• Mount back the LV, access the mount point and verify the data in it.
• Remove the faulty PV from Volume Group.
Okay! So let’s do the practical following above steps.
• Access the mount point of the failing PV and check the data in it,
• Verify the size of the PV by pvs command or pvdisplay command.
• Unmount the file system on that PV (this is optional as migration can be done online
aswell)
• #umount /mydir
Page 75 of 273
• Add new PV which should be of the same size or higher than that of the replacing PV to
the volume group.
• In our case the size of the failing PV is around 500MB, so we need to add a PV whose size
is at least 500MB or more
• I have created another partition from fdisk i.e. /dev/sda7 with the size around 500MB
• Migrate the PV’s contents to the new PV using following command

• #pvmove <Old PV> <New PV>
• #pvmove /dev/sda6 /dev/sda7
• Mount back the LV, access the mount point and verify the data in it.
• Remove the free PV from Volume Group.

• As the data is moved safely, now let’s remove the faulty PV from the volume group.
• The syntax to remove a PV from a VG is
• #vgreduce <vg name> <PV name>
• #vgreduce myvg /dev/sda6
Page 76 of 273
Deleting/Removing the LV:
• To Delete/Remove an LV, first unmount the file system.
• Remove the entry from /etc/fstab.
• Use the command lvremove i.e.
• #lvremove <LV name>
• #lvremove /dev/myvg/mylv ( it will prompt to you to continue, press y to continue)
• Verify it by using lvdisplay command
• As we was having only one LV and that is now deleted, that’s why it is not showing any
LVs after executing lvdisplay command.
Deleting a Volume Group

• To delete the volume a group, make sure that if there is any LV in it, it should not be
mounted. Because while removing a vg it will also remove LV’s inside it. In our case we
have no LV in our volume group, so we will not be concerned about it.
• To delete a VG, use the following command.
• #vgremove <vgname>
• #vgremove myvg
Deleting a Physical Volume

• Deleting a PV is very simple. The only thing we should check that the PV we are going to
delete should not belong to any volume group. We can only delete a PV which is free.
• The syntax to delete a PV is
• #pvremove <PV name>
• #pvremove /dev/sda6
• #pvremove /dev/sda7 OR
• #pvremove /dev/sda{6,7} (To remove multiple PVs in one command)
• If you want you can verify it by using pvs or pvdisplay commands
Building anything requires lots of concentration, hard work, and patience, but to destroy
it, it is just a matter of seconds. Isn’t it….!
Page 77 of 273
Creating a VG by customized PE size
• To create a VG with specifying an PE size,
• First create a partition and also create a pv
• To create a vg with custom PE size use

#vgcreate <name for the vg > -s <size of PE( 1-128)> <pv names>
#vgcreate myvg –s 16 /dev/sda5
• Verify the PE size using vgdisplay command
Page 78 of 273
Creating LV by specifying no. of LE instead of giving size in MB or GB.
• To create an LV using LE, the things to keep in mind are
• Size of LE = Size of PE
• For example if the size of PE is 16, then the size of LE will also be 16.
Steps to create an LV based on LE

• The syntax to create an LV with no. of LE is
#lvcreate –l <no. of LE> -n <name for the LV> <volume group name>
#lvcreate –l 25 –n mylv myvg
• Now check the size of the LV “mylv” using lvdisplay command

#lvdisplay myvg
Page 79 of 273
INSTALLING RHEL7/8 USING LVM PARTITIONING
• The only difference in a normal installation and LVM installation is that instead of creating
normal partition we will create a VG and then LVs for all partitions, except /boot and
swap.
• The advantage of installing Linux using LVM is that, if any of system partition is running
out of space and required more space, in case of normal partitioning it is not possible to
increase the size of a partition once it is created. But, using LVM the space can be
dynamically increased whenever it is required.
• Even if there is no space remaining in the disk some space can be borrowed from other
LVMs and can easily be assigned to required system partition to fulfill its need.
• LVM provides a greater scalability to the administrator and avoid uncertain down time to
the server.
• LVM ensures the possibility of increasing and decreasing the sizes whenever required and
prevents unnecessary loss of time.
• Start the installation normally as done previously, but only at the time of partitioning
follow the steps below.
• Select the LVM scheme and click on + to proceed.
Page 80 of 273
• Select an appropriate mount point and assign the size. Repeat it till all important mount
points are created
Page 81 of 273
• Give appropriate size and create /, /boot/, /home/, /var and swap
Note: All the sizes listed above are based on the availability of the space. It is no-where a
recommended or minimum sizes. The sizes can be based on your requirements. But /
should get more size as it will be having “/usr”, “/opt” & “/tmp” as well, which in rhel6
used to be created separately.
• Verify the sizes and click on “Done” to continue with the installation. Complete the
installation as usual as we have done previously at the beginning of the course.
• Note: /boot is automatically created as “Standard Partition” even though the scheme is
selected as “LVM”. Isn’t it awesome?
Practice the LVM Concept well; as it is the most important part in Linux and in any UNIX
operating system as well.
That sums up the LVM concept in Linux
Page 82 of 273
USER AND GROUP ADMINISTRATION
PART- I USER ADMINISTRATION
In Linux/Unix user is one who uses the system. There can be at least one or more than one
users in Linux at a time. Users on a system are identified by a username and a userid. The
username is something that users would normally refer to, but as far as the operating system
is concerned this is referred to using the user id (or uid). The username is typically a user
friendly string, such as your name, whereas the user id is a number. The words username and
userid are often (incorrectly) used interchangeably. The user id numbers should be unique
(one number per user). If you had two usernames with the same user id, effectively there
permissions would be the same and the files that they create would appear to have been
created by the same user. This should not be allowed and the useradd command will not
allow usernames to share the same userid.
Some Important Points related to Users:
• Users and groups are used to control access to files and resources
• Users login to the system by supplying their username and password
• Every file on the system is owned by a user and associated with a group
• Every process has an owner and group affiliation, and can only access the resources
its owner or group can access.
• Every user of the system is assigned a unique user ID number ( the UID)
• Users name and UID are stored in /etc/passwd
• User’s password is stored in /etc/shadow in encrypted form.
• Users are assigned a home directory and a program that is run when they login (Usually
a shell)
• Users cannot read, write or execute each other’s files without permission.
Types of users In Linux and their attributes:
USER ID GROUP ID HOME

TYPE EXAMPLE SHELL
(UID) (GID) DIRECTORY
Super User root 0 0 /root /bin/bash
/var/ftp,
ftp, ssh,
System /var/www/html /sbin/nologin
apache 1 to 999 1 to 999
User /var/named,
nobody
etc.
Normal Visitor, 1000 to 1000 to /home/user

/bin/bash
User myuser,etc 60000 60000 name
Page 83 of 273
In Linux there are three types of users.
1. Super user or root user

Super user or the root user is the most powerful user. He is the administrator user.
2. System user
System users are the users created by the software or applications. For example if we install
Apache it will create a user apache. These kinds of users are known as system users.
3. Normal user
Normal users are the users created by root user. They are normal users like Rahul, Musab
etc. Only the root user has the permission to create or remove a user.
Whenever a user is created in Linux things created by default:-

• A home directory is created(/home/username)
• A mail box is created(/var/spool/mail/username)
• unique UID & GID are given to user
Linux uses UPG (User Private Group) scheme

• It means that whenever a user is created is has its own private group
• For Example if a user is created with the name musab, then a primary group for that
user will be musab only
There are two important files a user administrator should be aware of
1. "/etc/passwd"
2. "/etc/shadow"
Each of the above mentioned files have specific formats
1. /etc/passwd
The above fields are

• root =name
• x= link to password file i.e. /etc/shadow
• 0 or 1= UID (user id)
• 0 or 1=GID (group id)
• root or bin = comment (brief information about the user)
• /root or /bin = home directory of the user
• /bin/bash or /sbin/nologin = shell
Page 84 of 273
2. /etc/shadow
root:$1fdsfsgsdfsdkffefje:14757:0:99999:7:::
The fields are as follows,

1. root = User name
2. :$1fdsfsgsdfsdkffefje = Encrypted password
3. 14757 = Days since that password was last changed.
4. 0 = Days after which password must be changed.
5. 99999 = Days before password is to expire that user is warned.
6. 7 = Days after the password is expires that the user is disabled.
7. A reserved field.
LAB WORK:-
Creating a user
• The syntax for creating a user in Linux is
• # useradd <username> <options> or #useradd <options> <username>
• options are
• -u user id
• -G Secondary group id
• -g primary group id
• -d home directory
• -c comment
• -s shell
Let’s create a user with default attributes.
• When no option is used with useradd command the options like UID, GID, home dir and
shell will be assigned default.
• #useradd <username>
• #useradd myuser
Observe that the uid, gid, home dir, and shell is assigned automatically.
Page 85 of 273
Let’s create a user with customized attributes
• Create a user with following attributes

• Name = myuser2
• uid=1050
• comment =MGR
• shell = /bin/csh ( c shell)
• #useradd –u 1050 –c MGR -s /bin/csh myuser2 (rhel7)
Assigning password to the user:
• As a root user we can assign any password to any user

• The syntax for assigning a password is
• #passwd to assign password to current user ( the one with which you have logged in, if it
is root then root’s password will be changed)
• #passwd <user name> to assign a password to a specific user, only root can assign
password to other user.
Note: If the “passwd” command is executed without any username, it would consider the
Name of active or currenty logged in user. Say, if you have logged in with root, it will
try to change the root password
Page 86 of 273
Modifying the user’s attribute
• After creating a user if we need to modify the attributes of user like changing uid, changing
secondary group id or adding a comment, locking or unlocking the user account, can be
done by following command
• Syntax. # usermod <options> <username>

• options are:
• all the options which are used with useradd command can be used and also the
following,
• -l to change login name
• -L to LOCK account
• -U to UNLOCK account
• ex. # usermod -l newname oldname (changing the name of the user)

• ex. # usermod -L username to lock the user account; #passwd –l username
• ex. # usermod -U username to unlock the user account; #passwd –u username
• Note: - when an account is locked it will show! (Exclamation mark) in /etc/shadow file.
• The account lock/unlock details can also be checked by “#passwd –S” command
Locking and unlocking a user account:

• To lock a user a/c use the following
• #usermod –L < user name>; #passwd –l <user name>
• #usermod –L myuesr; #passwd –l myuser
• Verify it in /etc/shadow file, it shows exclamation mark before user account or try using
#passwd –S <user name>
OR
“/etc/shadow” file status
Page 87 of 273
Unlocking a user a/c:
• Unlock the above a/c
• #usermod –U < user name >; #passwd –u <user name>
• #usermod –U myuser ; #passwd –u myuser
• Verify it in /etc/shadow file, it shows exclamation mark before user account or try using
#passwd –S username
OR
“/etc/shadow” file status
• Observe in both pictures that once the account is unlocked the exclamation is gone.
The password parameters

• For any user we can set the parameters for the password, like min and max password
age, password expiration warnings and a/c expiration date etc.
• To view the advanced parameters of the user, use
• #chage -l < user name>
• #chage -l myuser
• Last password change: When the password was change last time.
• Password expires: Password expiry date
• Password inactive: After password expiry grace period before the account gets locked.
• Account expires: Date on which the account expires.
• Minimum number of days b/w password change: once the password is changed, it
cannot be changed until a min period of specified date. [0] means never.
• Max number of days b/w password change: After changing the password how long it will
be valid for.
• Number of days of warning before password expires: start of warnings to change the
password, no. of days before the password expires.
Page 88 of 273
Changing the password parameters:
• Changing of the password parameters can be done by two ways.
1. #chage <user name >
2. #chage <option> <value> <username>
• Let’s see the first method and then the other.

• To set the password parameters of a user “myuser” to
• Min password age : 1 days
• Max password age: 7 days
• Password expiration warnings: 2 days before password expires
• Password inactive [-1]: 1 one day later the account will be locked, after password
expiry.
• A/C expiration date: 2017-03-31 (March 31st 2017)
• #chage myuser
• The second method is for, if you want to change a particular field of password aging policy
• #chage <option> <value> <username>
• The options which can be used are as follows
• -m for Min password age
• -M for Max password age
• -d for last time the password is changed. ( Note: if given d 0, it will force the user to change
password at next login)
• -W Password expiration warnings
• -I Password inactive [-1 means inactive].
• -E A/C expiration date
Page 89 of 273
• Let’s see how to change only the account expiration date
Likewise you can use any option listed above and change any particular field in password
aging parameters.
Forcing a user to change the password at next login:

Sometimes it is required to force the users to change their password at next login. This can
be done using following syntax
• #chage –d 0 <username>, (where 0 = zero days since last password change)
• #chage –d 0 myuser
At next login
Deleting a User:
• To delete a user the syntax used is
• #userdel <username> it will only delete the user but home directory will be there. To
delete the user with its home directory and mailbox, use the following command.
• #userdel –r < user name >
• #userdel –r myuser2
We’re now done with user administration, let’s see what’s in part-II
Page 90 of 273
PART-II GROUP ADMINISTRATION
GROUPS
• Users are assigned to groups with unique group ID numbers (the GID)
• The group name and GID are stored in /etc/group
• Each user is given their own private group
• They can also be added to their groups to gain additional access
• All users in a group can share files that belong to the group
Each user is a member of at least one group, called a primary group. In addition, a user can
be a member of an unlimited number of secondary groups. Group membership can be used
to control the files that a user can read and edit. For example, if two users are working on the
same project you might put them in the same group so they can edit a particular file that
other users cannot access.
• A user’s primary group is defined in the /etc/passwd file and Secondary groups are
defined in the /etc/group file.
• The primary group is important because files created by this user will inherit that group
affiliation.
Creating a Group with default options :
• To create a group the syntax is

• #groupadd <name for the group>
• #groupadd mygroup
Page 91 of 273
Creating a group with user specified group id (GID)
• #groupadd <option> <name for the group>

• #groupadd -g 1050 mygrp2
• Verify it in /etc/group
Modifying the properties of the group

• To modify the group properties the syntax is
• #groupmod <option> <arguments> <group name>
• The options are
• -g to change the group id
• -o to override the previous assigned id, if it matches with the new one.
• -n to change the group name
Changing the GID of the group

• #groupmod –g 1100 mygrp
• Verify it in /etc/group
Changing the name of the group

• The syntax for changing the group name is
• #groupmod –n <new name > < existing name >
• #groupmod –n mygrp mygroup
Page 92 of 273
Adding and Removing Members to a Group
• Adding single or multiple users to the group with various attributes
• #gpasswd < option> <arguments> <group name>
• Options:
• -M For Adding Multiple users to a group
• -a for Adding a single user to a group
• -A for Adding a group Administrator
• -d removing a user from a group
• #gpasswd –M <user>,<user>,<user> <group>

• #gpasswd –M u1,u2,u3 mygroup
Adding a single user using gpasswd

• #gpasswd –a u4 mygroup (verify it in /etc/group)
Making a user as an administrator of the group

• #gpasswd –A u1 mygroup (verify it in /etc/gshadow)
Removing a user from the group

• #gpasswd –d u2 mygroup
Removing a group
• #groupdel <group name>; #groupdel mygroup
Page 93 of 273
CONTROLLING ACCESS TO FILES
In this chapter we will be dealing with two things.
1. Special Permissions or Advanced Permission
2. Access Control List (ACL)
Let’s first begin with Special Permissions

1. Special Permissions or Advanced Permission
• There are three special permissions that can be assigned to a file or directory apart from
basic file permissions(rwx), they are
• SUID – SET USER ID
• SGID – SET GROUP ID
• STICKY BIT
Permission Symbolic Form Numeric Form Syntax
SETUID s or S 4 #chmod u+s or #chmod 4766
SETGID s or S 2 #chmod g+s or #chmod 2766
STICKY BIT t or T 1 #chmod o+t or #chmod 1766
Note: Where s= setuid + execute permission and S= setuid only. Same is for SGID and also
for sticky bit.
SUID – SET USER ID

Change user ID on execution. If SETUID bit is set, when the file will be executed by a user, the
process will have the same rights as the owner of the file being executed. Many of the system
commands are the best example for SUID, basically the owner of the commands will be root,
but still a normal user can execute it.
Example
• By default passwd command is having suid, so all users can run that command but if suid
is removed and a normal user wants to user execute it, then they would not be able to
use it to update /etc/shadow with new passwd.
Note: observe that in the permissions “–rwsr-xr-x” it contains an “s”, which means SUID is
placed.
• Let’s remove suid on passwd command and logged in as normal user and check the results
Page 94 of 273
SGID – SET GROUP ID
Set group ID, used on executable files to allow the file to be run as if logged into the group
(like SUID but uses file group permissions)
SGID can also be used on a directory so that every file created in that directory will have
the directory group owner rather than the group owner of the user creating the file.
Example
• When a directory is created and its group is set to some group. Now if SGID is applied to
it, and the group member creates files and directory inside it, then it will get the same
group rather than getting user’s primary group
• Let’s see it practically.
• Login as other user, access the directory, create some files and check the group it is
getting. ( It will be getting the logged in user’s group)
• Now, as a root, assign SGID on the directory

• #chmod g+s /mydir
• Try creating other files with other user(s) in the same directory, instead of getting it’s
own group it would now be inheriting directory’s group
Page 95 of 273
STICKY BIT
If sticky bit is applied on a file or directory, then only root and owner of that file or directory
can delete it. Even if others are having full permissions they cannot delete or edit the contents
of the directory
• Let see it practically.
• Apply sticky bit to the directory
• Access the directory with other user and try deleting the files
Note: If the owner or root tries to modify or delete the contents it would be allowed
Page 96 of 273
2. Access Control List (ACL)
• Define more fine-grained discretionary access rights for files and directories.
• Often, you want to share files among certain groups and specific users. It is a good practice
to designate a directory for that purpose. You want to allow those groups and users to
read, and write files in that directory, as well as create new files into the directory. Such
special permissions can be given using ACL.
To check the acl permission syntax is:

• #getfacl <option> <dir/file name>
• Options:
• -d Displays the default ACL
• -R Recurses into subdirectories
#getfacl /mydir
• Now let’s assign full permission to the directory and then apply acl on it, so that we can
analyze how acl will work.
• Okay, now we are ready to apply acl, but first lets understand the command and option
in details.
• The syntax to apply acl is
• #setfacl <option> < argument > < file or directory name >
• The options are,
• -m Modifies an ACL
• -x Removes an user/group from ACL
• -R Recurses into subdirectories
• -b completely banishing/removing the ACL from a file/directory
The possible arguments are

• u: user
• g: group
Page 97 of 273
To assign read and execute permission to a particular user the syntax could be
• #setfacl –m u: <username>: <permissions> <file or dir name>
• #setfacl –m u:u1: rx /mydir
• Verify it by using getfacl command
• Now login as u1 user and try to create a file inside /mydir, as we have not assigned write
permission to u1 user, though it is having full permissions, still it will not allow u1 user to
create a file inside it.
Observe that when you check for the permissions it is showing a + sign after normal
permission, that indicate that ACL is applied on this directory.
To assign read write and execute permission to a particular group

• #setfacl –m g:<group name>:<permissions> <file or directory name>
• #setfacl –m g:g1:rwx /mydir
Now you know how to apply acl on any file or directory, let me just give one more examples
which you can broaden your understandings.
Page 98 of 273
Assigning read and execute permission for a user and a group at same time.
• #setfacl –m u:u1:rx,g:g1:rx /mydir
Likewise you can explore applying acl to any user, group, or others in many ways.
Removing acl for a particular user

• #setfacl –x u:<username> <dir name>
• #setfacl –x u1 /mydir; #setfacl –x u:u1 /mydir
Removing acl for a particular group

• #setfacl –x g:<group name> <directory name>
• #setfacl –x g: g1 /mydir
Page 99 of 273
Removing all ACL permissions from a file or directory
• #setfacl –b <dir name>
• #setfacl –b /ktdir
As we have removed acl for a group and a user, let’s apply back some acl on ktdir and remove
it using above command
To Apply /Remove ACL recursively on a directory and its contents

• #setfacl –Rm u:u1:rwx,g:g1:rw /mydir
• #setfacl –Rb /mydir (To recursively banishing ACL from directory and its contents)
Page 100 of 273

• To remove a user or group from acl
• #setfacl –Rx g:g1 /mydir (use #setfacl –Rx u1 /mydir for a user)
To remove ACL completely from a directory recursively

• #setfacl –Rb /mydir
There are still much more experiments can be done, go ahead and read man pages for
more details
Page 101 of 273

ENHANCED USER SECURITY WITH SUDO
SUDO
• Sudo stands for either "substitute user do" or "super user do" (depending upon how you
want to look at it). What sudo does is incredibly important and crucial to many Linux
distributions. Effectively, sudo allows a user to run a program as another user (most often
the root user). There are many that think sudo is the best way to achieve "best practice
security" on Linux
• Users can login using their username and password and can issue administrative
commands placing sudo in front of the commands, e.g. sudo rpm -Uvh *.rpm , to run the
command which installs and updates programs in Linux (rpm).
• The file /etc/sudoers file has the rules that users have to follow when using sudo
command. That means that whatever commands access is provided to any user in
/etc/sudoers file, that user can only run those commands.
• Do not edit the /etc/sudoers directly; instead use "visudo" command to edit the sudoers
file. There are two reasons for that- it prevents two users from editing the file at the same
time, and it also provides limited syntax checking. Even if you are the only root user, you
need the syntax checking, so use "visudo".
Advantages of using SUDO
Two of the best advantages about using sudo are:

• Limited user privileges
As we have studied above that we can restrict users to use certain commands as a
privileged user as per the role of the user.
E.g.: Networking commands for Network user and Admin commands for Admin users etc.
Page 102 of 273

• Logs of the actions done by users
All commands executed by sudo users will be stored in /var/log/secure file, but still if you
want you can make your own log file by passing an entry in /etc/sudoers file at the bottom
as “Defaults logfile=/var/log/sudo.log” or whatever name you want, to save the logs of
what commands is executed by which sudo user.
The /etc/sudoers file

• As we learnt above that it is the configuration file for sudo users, which is used to
assign specific commands to the specific users or groups.
• Always use visudo command to edit this file. it prevents two users from editing the
file at the same time, and it also provides limited syntax checking .
• When you run visudo command the output will be as follows
• As you can see there is basically one line

• root ALL=(ALL) ALL
• This lines means that the user root can execute from ALL terminals, acting as ALL (any)
users, and run ALL (any) command.
• So the first part is the user, the second is the terminal from where the user can use
sudo, the third is as which user he may act, and the last one, is which commands he
may run.
• The advantage of visudo command , while editing if there are any syntax error it will
be reflected as follows
Page 103 of 273

LAB WORK:-
Allow a user “myuser” all privileges like root
• To assign root privileges to user add a line by using sudoers file as shown below.
#visudo (save the sudoers file as we save a vim file using “wq!”)
• Now logged in as myuser and run admin commands like fdisk –l etc
• First try to run fdisk command normally and see what happens.
It will not allow a normal user to run privileged user’s command
• Now run the same command using sudo before command

#sudo fdisk –l (or) #sudo fdisk /dev/sda
Note: Only for the first time of the session it will prompt for user’s password to continue,
but for rest of the process it will continue normally as shown below
Page 104 of 273

Allow a group called mygroup, all root previleges.
• Let’s first check the members of mygroup and then apply root previleges.
#tail /etc/gshadow
• Okay as we know the users in mygroup, let’s assign it root previleges.

#visudo and look for the below line.
• Now, login as one of the user of mygroup try root commands
Page 105 of 273

Allow a user “myuser2” to run all commands without prompting for his password any time.
• To allow run all commands, the syntax we have already seen, but allow him run
command’s without prompting password a small change is to be made,
• Now login as that user and check whether password is prompted or not
Note: - The same can be done for groups also, try it!
Restrict a user “myuser” to run only two root commands.

• This task is very simple; just modify the previous permissions assign to myuser.
• Let’s give myuser to run only #fdisk and #parted command access.
• First check the complete path of those command by using following command
#which fdisk
#which parted
• Let’s assign both above paths in sudoers file

#visudo
Page 106 of 273

• Login as myuser and try assigned commands and other commands as well
Note: - Try the same for groups also. It is exactly same
Allow a group “mygroup” to run only network related commands as sudo user
• To allow a group run only network commands, first uncomment the following line
Observe that we have just remove ‘#’ before the line to make the line readable. And also
observe that it contains all networking commands.
• Just replace “ALL” with “NETWORKING” from the last field of mygroup line.
NOTE: - NETWORKING is the name of the command alias, which was uncommented line.
• Now login as one of the member of mygroup and try some commands assigned it.
Page 107 of 273

Create a customize commands alias and assign it to mygroup with network command.
• Okay, first we need to create an alias say ”CUSTOM” with some commands and assign it
to mygroup in addition to NETWORK commands.
• Let’s firs get the path of the command need to be in CUSTOM alias
• Okay, now let’s create an alias for these commands and assign it to mygroup
• #visudo
• What are you waiting for! Assign it to ktgroup and save the file.
• Login as one of the users in mygroup and try newly added commands.
Allowing user all commands except few commands

• Most of the time it might require to block few commands from users, even though all
commands have been granted. It is an important aspect as per the security view.
• Let’s assume we want to block “visudo” and “su” commands
• Find out the path of those two command needs to be block
Page 108 of 273

• Now, allow all the commands to myuser and block the above two by using an “!”
exclamation mark
• Login as myuser, try other commands and then go for blocked one and check whether
they are allowed or not
Now let’s try the blocked ones:
Note: As a user to know how many commands are allowed via sudo, login as a user and run
#sudo –l command
Note: Checkout sudoers file for more option and try it out on your own!!!!
Page 109 of 273

Network Configuration & Troubleshooting
Networking:
It is a connection between two or more machines to communicate with each other.
The basic requirements for Networking are:

1. NIC (Network Interface Controller or Card)
2. Media
3. Topology
4. Protocol
5. IP Addresses
1. NIC (Network Interface Controller or Card)

A network interface controller (also known as a network interface card, network
adapter, LAN adapter and by similar terms) is a computer hardware component that
connects a computer to a computer network. Each NIC will be having a unique MAC
addresses (Media Access Control address) to avoid conflicts between same NIC adapters.
In Linux these NIC adapter is represented by the word “eth” or “ens”. Example if there
are two Ethernet adapters in the system then it will be denoted as eth0, eth1, ens1, ens2
etc.
2. Media
Media is the medium via which two different computer’s NIC card will be connected. The
best example for media is Cable. Example RJ 45, CAT 5 etc.
3. Topology
Topology is the scheme or design in which the computers in the network will be connected
to each other. Example for topology is Bus, Ring, star, mesh, tree topologies. The following
pictures explain it better.
Ring Network Mesh Network

Bus Network Topology Star Network
Topology Topology
Topology
Tree Network
Topology
Page 110 of 273

4. Protocol
A network protocol defines rules and conventions for communication between network
devices. Protocols for computer networking all generally use packet switching techniques
to send and receive messages in the form of packets.
Network protocols include mechanisms for devices to identify and make connections with
each other, as well as formatting rules that specify how data is packaged into messages
sent and received. Some protocols also support message acknowledgement and data
compression designed for reliable and/or high-performance network communication.
Hundreds of different computer network protocols have been developed each designed
for specific purposes and environments.
Examples for Protocols are TCP/IP (Transmission Control Protocol), UDP (User Datagram
Protocol), HTTP. The most widely and regularly used protocols for transferring data are
TCP and UDP. Let’s analyze some basic differences between TCP/IP and UDP.
TCP/IP UDP
Transmission Control Protocol User Datagram Protocol
It is connection Oriented Connectionless
Reliable Non-Reliable
TCP Acknowledgement will be No Acknowledgement for UDP
sent/received
Slow Communication Faster Communication
Protocol Number for TCP is 6 Protocol Number for UDP is 17
HTTP, FTP, SMTP uses TCP DNS, DHCP uses UDP
5. IP ADDRESS
An IP address can be thought of as being similar to a phone number. Just as every person
who communicates with a telephone is using a phone with a unique phone number, every
computer that is on the Internet has a unique IP address. Not only on internet but within
an organization every computer is assigned an IP address so that they can communicate
with each other. Basically IP addressing is very deep concept. To understand the concept
of IP address we need to understand some important aspect of IP Address which is
• IP Address Classes
• Subnet mask
• Gateway
The above concepts in IP Addressing are very important to understand networking clearly.
Page 111 of 273

• IP Address Classes
The IP addresses are further broken down into classes. These classes are A, B, C, D, E and
their possible ranges can be seen in Figure below.
*CIDR - Classless Inter-Domain Routing

* 127.0.0.0 to 127.255.255.255 is reserved for loopback address
Loopback
A special IP number (127.0.0.1), that is designated for the software loopback interface of a
machine. 127.0.0.0 Through 127.255.255.255 is also reserved for loopback and is used for
internal testing on local machines.
Multicast
Multicasting allows a single message to be sent to a group of recipients. Emailing,
teleconferencing, are examples of multicasting. It uses the network infrastructure and
standards to send messages.
• Subnet Mask
A subnet mask allows users to identify which part of an IP address is reserved for the network
and which part is available for host use. By looking at the IP address alone, especially now
with classless inter-domain routing, users cannot tell which part of the address is which.
Adding the subnet mask or netmask gives users all the information needed to calculate
network and host portions of the address with ease. In summary, knowing the subnet mask
can allow users to easily calculate whether IP addresses are on the same subnet or not.
A commonly used netmask is a 24-bit netmask as seen below.
Netmask: 255. 255. 255. 0

Binary: 11111111 11111111 11111111 00000000
Netmask length 8 16 24 --
Page 112 of 273

• Gateway
A gateway is a network point that provides entrance into another network. On the Internet,
a node or stopping point can be either a gateway node or a host (end-point) node. Both the
computers of Internet users and the computers that serve pages to users are host nodes. The
computers that control traffic within your company's network or at your local Internet service
provider (ISP) are gateway nodes.
For example let’s say our network is 192.168. something and we want
to send a file to other computer on 10.10.network, so we need a gateway to communicate
between two computers of different networks.
Some Important configuration files/directories of network configurations
#/etc/sysconfig/network-scripts is the directory which keeps the configuration of network

devices connected to the system.
RHEL6 RHEL7/8
#/etc/sysconfig/network (in rhel6) & #/etc/hostname (in rhel7) is the files which keeps the
information about the hostname assigned to the system. If you want to change the hostname
permanently, you need to change the hostname in this file.
RHEL6
RHEL7/8
#/etc/hosts a file which is responsible for resolving hostname into IP locally, in other word it
acts as local DNS if DNS server is not accessible. There is no change In this file in either versions
#/etc/resolv.conf is a file which keeps the address of DNS server to which the clients will be
accessing to resolve IP to hostname and hostname to IP.
Page 113 of 273

LAB WORK:
• To check the ip address assign to all the interfaces

#ifconfig
• To chech the ip of a particular interface

#ifconfig < adapter name >
#ifconfig eth0; #ifconfig ensxx
• To check the hostname of the system.

#hostname
• To check ip of the host

#hostname –i
Page 114 of 273

• To check whether DNS is resolving or not
#host < ip address >
#host 192.168.10.95
#host <hostname>
#host mylinux.kt.com
• Same with “nslookup” command

#nslookup < ip address >
#nslookup < hostname >
• The most common command used to check DNS function is “dig”

#dig <hostname>
Page 115 of 273

With ip address
#dig –x <ip address>
#dig –x 192.168.10.98
• Checking network connectivity using ping command

#ping < ip address >
#ping 192.168.10.95
Note: use ctrl + c to stop pinging.
• To limit the pinging for specific number of counts

#ping –c <counts> <ip address>
#ping –c 2 192.168.10.95
Page 116 of 273

Changing the hostname
• Check the current hostname with hostname command
• The syntax for changing the hostname is
#hostname <new name>
#hostname mlinux6.mb.com
Note: The above change is temporary and will be last only till you are logged in, if you want
to change it permanently edit the /etc/sysconfig/network (rhel6) and /etc/hostname (rhel7)
file and then logout and login to confirm the change.
#vim /etc/sysconfig/network; #vim /etc/hostname delete the previous hostname and add
the new name.
• Now logoff and logon and check the hostname
Note: Once you logout and login again the change will be permanent, observe the highlighted
region above.
• hostnamectl command
In rhel7 a new command has been introduced to see the hostname/system details as well as
changing hostname permanently.
• Changing hostname permanently with hostnamectl command

#hostnamectl set-hostname <new name>
Page 117 of 273

Assigning /Changing the IP Address
Steps for changing the IP Address
To change the IP Address use the following command line
To see the all the available connection

#nmcli con show
To see the details of any connection

#nmcli con show <connection name>
To add a new connection

#nmcli con add con-name <name of connection> ifname <interface name> type <type
of connection> autoconnect <yes/no> ip4/ip6 <ip add> gw4/gw6 <gateway>
To activate a connection
#nmci con up <con name>
Page 118 of 273

To modify an existing connection
#nmcli con mod <con-name> attributes <value>
To delete a connection
#nmcli con del <con-name>
Using nmtui for a text based tool

#nmtui
Move the cursor to Edit a connection and press Enter
Move the cursor to ‘Add’ to add a new connection and press Enter
Page 119 of 273

Now select the type of connection, ex., Ethernet and press Enter
Assign the connection name, Device name and change the ipv4 from automatic to manual
to continue
• Move the cursor to <Show> to add the IP ADDRESS
Page 120 of 273

Move the cursor to “add” to assign the ip address move cursor to “ok” Enter.
move the cursor to “Quit” button and press Enter to quit the utility
Check the connection by nmcli con show command
Page 121 of 273

In the same fashion, the hostname, connections can be created and modify
• To Know more about the NIC card/adapter use

#ethtool <adapter name>
• To see the same in summarized way

# mii-tool <adapter name>
Page 122 of 273

NIC TEAMING
NIC teaming is the concept of combining or bonding 2 or more network interfaces

into one logical interface to provide high throughput and redundancy. This practice
is popular especially with critical servers where high availability is expected at all
times. In a server with 2 or more NIC cards, the concept of NIC teaming is critical in
the event where one NIC card fails. With NIC teaming, the logical network interface
will ensure that the remaining NIC will continue functioning and serving the
purpose of the defective NIC. In this guide, we take you through the configuration
of NIC teaming in CentOS 8 and RHEL 8.
Let’s take a look at some of the concepts around
 Teamd – This is a daemon that allows you to configure a team network

interface. Teamd is a part of the libteam project and leverages the libteam
library for implementation of load balancing and round-robin logic.
 Teamdctl – This is a utility tool for querying an instance of teamd for
configuration information and detailed statistics.
 Runners – These are distinct units of code in JSON format used for
implementing different concepts of NIC teaming such as Round robbin
The modes of the Runners:
 Round-robin: In this mode, data is transmitted across all ports in turn.

 Load-balance: Traffic is distributed across all NICs.
 Active-backup: Where one link or port is activated as the rest are reserved as
a backup. This is used for failover to provide redundancy as we shall later see
in this guide.
Page 123 of 273

Steps to configure NIC teaming
Creating a NIC team adapter
$ nmcli connection add type team con-name team0 ifname team0 config
'{"runner": {"name": "activebackup"}}'
Check the details of network connection

nmcli connection show
Modify the team connection properties as per requirement

$ nmcli con mod team0 ipv4.addresses 192.168.10.100/24
$ nmcli con mod team0 ipv4.gateway 192.168.10.1
$ nmcli con mod team0 ipv4.dns 8.8.8.8  (optional)
$ nmcli con mod team0 ipv4.method manual
$ nmcli con mod team0 connection.autoconnect yes
Adding the slaves to the team

$ nmcli con add type team-slave con-name team0-slave1 ifname enp0s8
master team0
$ nmcli con add type team-slave con-name team0-slave2 ifname enp0s9
master team0
Page 124 of 273

To View the team interface and slaves, run the command:
$ nmcli connection show
Restart or just up the team0 connection

$ nmcli connection down team0 && nmcli connection up team0
Or
$nmcli con up (this is also fine to refresh a connection)
Check the IP for team0

$ip addr show team0 or ifconfig team0
To check the details of team
Page 125 of 273

Testing the failover in active-backup team setup
To test the functionality of active-backup team setup fail the active adapter
and check the network reachability
$ nmcli device disconnect enp0s8/ ifconfig down enp0s8
$ sudo teamdctl bond0 state
Deleting the team adapter/connection

 Bring down team adapter/connection
 Delete slaves first and finally the team adapter/connection
Page 126 of 273

The same way you can create NIC-TEAM for load-balancer
 nmcli connection add type team con-name team0 ifname team0 config
'{"runner": {"name": "loadbalance"}}'
or
 nmcli connection add type team con-name team0 ifname team0 config
'{"runner": {"name": "roundrobin"}}'
Rest of the process is same as we did earlier by modifying team by adding IP and
setting other parameters
Adding slaves to the team
Restart the team0 connection to update the changes and check the IP and team
details.
Page 127 of 273

Check the details of the team
Testing the load-balance of the team
Page 128 of 273

MANAGING SELINUX (BASICS OF SELINUX)
Basic SELinux Security Concepts
• SELinux is a security enhancement to Linux that allows users and administrators more
control over which users and applications can access which resources, such as files.
Standard Linux access controls, such as file modes (-rwxr-xr-x) are modifiable by the
user and applications that the user runs, whereas SELinux access controls are
determined by a policy loaded on the system and not changeable by careless users or
misbehaving applications.
• SELinux also adds finer granularity to access controls. Instead of only being able to
specify who can read, write or execute a file, for example, SELinux lets you specify who
can unlink, append only, and move a file and so on. SELinux allows you to specify
access to many resources other than files as well, such as network resources and inter-
process communication (IPC).
• SELinux provides a flexible Mandatory Access Control (MAC) system built into the
Linux kernel. Under standard Linux Discretionary Access Control (DAC), an application
or process running as a user (UID or SUID) has the user's permissions to objects such
as files, sockets, and other processes. Running a MAC kernel protects the system from
malicious or flawed applications that can damage or destroy the system. The following
picture explains more detailed about both Access controls.
Page 129 of 273

• The SELinux Decision Making Process
When a subject, (for example, an application), attempts to access an object (for
example, a file), the policy enforcement server in the kernel checks an access vector
cache (AVC), where subject and object permissions are cached. If a decision cannot be
made based on data in the AVC, the request continues to the security server, which
looks up the security context of the application and the file in a matrix. Permission is
then granted or denied, with an avc: denied message detailed in /var/log/messages if
permission is denied. The security context of subjects and objects is applied from the
installed policy, which also provides the information to populate the security server's
matrix.
• Important SELinux configuration Files

/etc/selinux/config is the main configuration file of SELinux.
/etc/sysconfig/selinux contains a symbolic link to the actual configuration
file, /etc/selinux/config.
Note: If you want to turn on or off the SELinux security you need to make changes in the main
configuration file i.e. /etc/selinux/config file. Well we’ll see it later in this chapter.
Page 130 of 273

Modes of SELinux
• There are three modes in which SELinux can be at a time, they are
• Enforcing, Permissive and Disabled
• Enforcing
Enable and enforce the SELinux security policy on the system, denying access and
logging actions
• Permissive
Permissive mode is similar to Debugging Mode. In Permissive Mode, SELinux
policies and rules are applied to subjects and objects, but actions ( for example,
Access Control denials) are not affected. The biggest advantage of Permissive
Mode is that log files and error messages are generated based on the SELinux
policy implemented.
• Disabled
SELinux is turned off and no warn and log messages will be generated and stored.
Booleans
• Booleans are variables that can either be set as true or false. Booleans enhance the effect
of SELinux policies by letting the system administrator fine tune a policy. A policy may
protect a certain daemon or service by applying various access control rules. In real world
scenarios, a system administrator would not like to implement all the access controls
specified in the policy.
SELinux Policy
• The SELinux Policy is the set of rules that guide the SELinux security engine. It defines types
for file objects and domains for processes. It uses roles to limit the domains that can be
entered, and has user identities to specify the roles that can be attained. In essence, types
and domains are equivalent, the difference being that types apply to objects while
domains apply to processes.
SELinux Context
• Processes and files are labeled with a SELinux context that contains additional
information, such as a SELinux user, role, type, and, optionally, a level.
Page 131 of 273

LAB WORK:-
To check the SELinux Mode

#getenforce
#sestatus
RHEL6 RHEL7/8
Note: Observe that there is a small change between 6, 7&8, which the mount point
Display the SELinux context of a file or directory.

• To display the context of a file the syntax is
#ls –Z <filename>
• To display the context of a directory the syntax is

#ls –ldZ <directory name>
Changing the SELinux Context of a file or directory

• To change the context of the file the steps are
• Check the existing context of the file by
#ls –ldZ <filename>
Observe that the type is admin_home_t, let’s change it to public_content_t, so that it will be
available for all users.
Page 132 of 273

• To change the context of a file or directory the syntax is
#chcon –t <argument> <file/dir name>
#chcon –t public_content_t myfile
• To change the context for a directory and its contents

• Check the context of both directory and its contents
• To change the context for a directory and its contents, the syntax is
#chcon –R –t <argument > <dir name>
#chcon –R –t public_content_t mydir
Restoring back the modified SELinux context to its default value

• To restore the modified/changed SELinux context of a file to its default one, the syntax is
#restorecon –v <filename>
#restorecon –v myfile
Page 133 of 273

• To restore back the same of a directory with its contents, the syntax is
#restorecon –Rv <dir name >
#restorecon –Rv mydir
Note: For restoring the context of only the dir except its contents do not add “R” in the
command.
Changing the default context for the file:

In this case we want to change the default context of the file, so that even the context is
restored any time it should be changed to the context we want.
• First of all check the present context on the file
• Let’s change the default context to something required for example samba_share_t
# semanage fcontext -a -t samba_share_t /myfile
• The -a option adds a new record, and the -t option defines a type (samba_share_t).
Note: running this command does not directly change the type - myfile is still labeled
with the etc_runtime_t type:
• The semanage fcontext -a -t samba_share_t /etc/file1 command adds the following

entry to /etc/selinux/targeted/contexts/files/file_contexts.local:
• Now restore the context and verify is it changing by default to samba_share_t
Page 134 of 273

Changing the default context for the directory and its content:
In this case we want to change the default context of the dir, so that even the context is
restored any time it should be changed to the context we want.
• First of all check the present context on the file
• Let’s change the default context to something required for example

httpd_sys_content_t.
# semanage fcontext -a -t httpd_sys_content_t "/mydir(/.*)?"
[root@mlinux3 ~]# semanage fcontext -a -t httpd_sys_content_t "/mydir(/.*)?"
• The -a option adds a new record, and the -t option defines a type
(httpd_sys_content_t). The "/mydir(/.*)?" regular expression causes
the semanage command to apply changes to the /mydir/ directory, as well as the files
in it.
• Note: running this command does not directly change the type - /mydir/ and files in
it are still labeled with the default_t type:
• The semanage fcontext -a -t httpd_sys_content_t”/mydir(/.*)?” command adds the

following entry to /etc/selinux/targeted/contexts/files/file_contexts.local:
• Now restore the context and verify is it changing by default to httpd_sys_content
Page 135 of 273

Checking the Booleans and modifying it.
• To see the Booleans of a particular service, the syntax is
#getsebool –a |grep <service name >
#getsebool –a |grep ftp
Note1: if grep is not used it will list Booleans for all the services in the system and output will
be very lengthy.
Note2: Booleans can only be checked and changed when SELinux is in enforcing or Permissive
modes; if the SELinux is in disabled mode Booleans cannot be modified.
• To change any Boolean just copy the Boolean and give the option (the only possible option
for a Boolean to enable and disable is on/off). The syntax for changing Boolean value is
#setsebool < Boolean > < option (on/off) >
#setsebool allow_ftpd_anon_write on; Verify the change with getsebool command.
• Making boolean permanent

#setsebool –P <Boolean> on/off to make change permanent
Page 136 of 273

Changing the Modes of SElinux
• To change the mode of SElinux the syntax is
#setenforce <option>
Options used are 0 or 1 (Where 0 means Permissive and 1 means Enforcing)
• To change the SELinux Mode to permissive
#setenforce 0
• Verify it by getenforce or sestatus command.
• To change the SELinux Mode back to Enforcing mode

#setenforce 1
• Verify the change
Page 137 of 273

Disabling and Enabling the SELinux Security
• To disable the SELinux protection or to change it to disabled Mode
• Edit the /etc/selinux/config file and change SELINUX=disabled
• Whenever changing the mode of SELinux from Enforcing/Permissive to Disabled or
Disabled to Permissive/Enforcing, you need to restart the system so that the changes can
take effect.
• First check the current status of SELinux and the configuration file.
• Now, edit the configuration file, restart the computer and check the status.
#vim /etc/selinux/config
#reboot (to reboot the system)
To Enable it back the procedure is exactly same as above, instead of SELINUX=disabled

change it to SELINUX=enforcing or permissive. Don’t forget to restart the system, unless the
system is rebooted the changes will not take effect.
Page 138 of 273

BOOTING PROCEDURE
Press the power button on your system, and after few moments you see the Linux login
prompt.
Have you ever wondered what happens behind the scenes from the time you press the power
button until the Linux login prompt appears?
The following are the 6 high level stages of a typical RHEL7/8 boot process.
TARGETS
Targets has replaced runlevels in 7/8
RHEL6 RHEL7/8
1. BIOS/UEFI
• BIOS stands for Basic Input/Output System, UEFI stands for Unified Extensible
Firmware Interface
• Performs some system integrity checks
• Searches, loads, and executes the boot loader program.
• It looks for boot loader in floppy, cd-rom, or hard drive. You can press a key (typically
F12 of F2, but it depends on your system) during the BIOS startup to change the boot
sequence.
• Once the boot loader program is detected and loaded into the memory, BIOS gives
the control to it.
• So, in simple terms BIOS/UEFI loads and executes the MBR/GPT boot loader.
Page 139 of 273

2. MBR/GPT
• MBR stands for Master Boot Record, GPT stands for GUID Partition Table
• It is located in the 1st sector of the bootable disk. Typically /dev/hda, or /dev/sda
• MBR is less than 512 bytes in size. This has three components 1) primary boot loader
info in 1st 446 bytes 2) partition table info in next 64 bytes 3) mbr validation check in
last 2 bytes.
• It contains information about GRUB/GRUB2 (or LILO in old systems).
• So, in simple terms MBR loads and executes the GRUB boot loader.
3. GRUB2
• The default bootloader used on RHEL 7&8 is GRUB 2. GRUB stands for GRand Unified
Bootloader. GRUB 2 replaces the older GRUB bootloader also called as legacy GRUB.
• The GRUB 2 configuration file is located at /boot/grub2/grub.cfg and link at
/etc/grub2.cfg(Do not edit this file directly).
• GRUB 2 menu-configuration settings are taken from /etc/default/grub when
generating grub.cfg.
• If changes are made to any of these parameters, you need to run grub2-mkconfig to
re-generate the /boot/grub2/grub.cfg file
• #grub2-mkconfig –o /boot/grub2/grub.cfg
initramfs
• The job of the initial RAM file system is to preload the block device modules, such as for
IDE, SCSI, or RAID, so that the root file system, on which those modules normally reside,
can then be accessed and mounted.
• The initramfs is bound to the kernel and the kernel mounts this initramfs as part of a
two-stage boot process.
• The dracut utility creates initramfs whenever a new kernel is installed.
• Use the lsinitrd command to view the contents of the image created by dracut
4. Kernel
• Mounts the root file system as specified in the “root=” in grub2.conf
• Kernel executes the systemd program
Since system is the 1st program to be executed by Linux Kernel, it has the process id (PID) of
1. Do a ‘ps -ef | grep init’ and check the pid.
Page 140 of 273

5. Systemd
1. systemd is the ancestor of all processes on a system.

2. systemd reads the file linked by /etc/systemd/system/default.target (for example,
/usr/lib/systemd/system/multi-user.target) to determine the default system target
(equivalent to run level). The system target file defines the services that systemd
starts.
3. systemd brings the system to the state defined by the system target, performing
system initialization tasks such as:
1. Setting the host name
2. Initializing the network
3. Initializing SELinux based on its configuration
4. Printing a welcome banner
5. Initializing the system hardware based on kernel boot arguments
6. Mounting the file systems, including virtual file systems such as the
/proc file system
7. Cleaning up directories in /var
8. Starting swap
6. Runlevel/Targets
• Prior to RHEL 7, runlevels were used to identify a set of services that would start or
stop when that runlevel was requested. Instead of runlevels, systemd uses the
concept of targets to group together sets of services that are started or stopped. A
target can also include other targets (for example, the multi-user target includes an
nfs target).
• Depending on your default init level setting, the system will execute the programs
from one of the following directories.
Traditional runlevel New Target name Symbolically linked to...

Runlevel 0 runlevel0.target poweroff.target
Runlevel 1 runlevel1.target rescue.target
Runlevel 2 runlevel2.target multi-user.target
Runlevel 5 runlevel5.target graphical.target
Runlevel 6 runlevel6.target reboot.target
To know more about targets, pl read /etc/inittab file
LAB WORK:-
To check the default run level in linux
• To see the default run level in linux the command is
#who –r
Page 141 of 273

Changing the default run level/target
• To check the default run level
#systemctl get-default
• To change the default target/runlevel

#systemctl set-default multiuser.target
Now reboot the system and check in which runlevel it is.

#reboot
• To start the graphical interface when you are in runlevel 3, use the following command
#startx
To see the details regarding the kernel installed

• To see the version of the kernel use
#uname –r
• To see the same thing with more details use

#uname –a
Note: The same information can be seen in /boot/grub2/grub2.cfg
Page 142 of 273

To change the default values in grub2 configuration file
• Changing the default timeout value in grub2.cfg
• Check the present timeout value with following command
• Make the changes in /etc/default/grub file as per the requirement
• Update the change in grub2 config file by using following command

• #grub2-mkconfig –o /boot/grub2/grub.cfg
• Check back in grub2 config file whether the changes are applied
To check the architecture of the O/S

• To check the architecture of the O/S the command is
#arch
#uname –m
Page 143 of 273

To check the version of the O/S in the system
• To check the O/S version you have to navigate to the following file
# cat /etc/redhat-release or # cat /etc/os-release
Recovering the lost password in RHEL 7/8

To recover the password the steps are
• Disturb the normal boot by pressing any key when RHEL 7 booting screen is displayed
• Type “e” to edit the kernel argument
• Go to the end of kernel line “linux16”using ctrl+e, type rd.break. To continue booting
use ctrl+x
• It will boot into emergency mode
• Check in which mode /sysroot is mounted, it would be in read-only mode
• Change the /sysroot to rw, by using above command
Page 144 of 273

• Now access the /sysroot using #chroot command
• To change the password use command #passwd and change the passwd
• To auto relabel selinux policies, create a blank hidden file “/.autorelabel”
• Okay, Now we have successfully changed the password, type exit to leave the /sysroot
and exit emergency mode. Once selinux policies relabeled system reboots, try the new
password for root user after reboot.
Repairing the corrupted boot loader and recovering it
• There might be a situation where your boot loader i.e., GRub might got corrupted and you
want to recover it or in other word repair it. Basically the repairing of GRub means
installing a new grub on the existing one from RHEL 7/8 installation media/DVD.
• To recover the grub the steps are:
• Boot the system with RHEL 7/8 DVD
• Go to Troubleshooting and boot into Rescue installed system Mode.
Page 145 of 273

• Move the cursor to “continue” tab, and hit enter
• Observe from above pic, that now your system has been mounted on /mnt/sysroot. It
means where our system root is residing
• Press Enter to continue.
• Change the DVD root to system root in order to access OS with root credentials by using
following command
#chroot /mnt/sysroot
Page 146 of 273

• Install the grub on the /boot device i.e. /dev/sda by using following command
#grub2-install <device name>
#grub2-install /dev/sda
• If it shows no error reported, that means we have successfully recovered the grub.
• Type “exit” to exit from system root

• Again type “exit” or “reboot” to reboot the system, or “#poweroff” to shutdown the
system
All these steps are very critical and highly useful, please practice the stuff nicely.
Page 147 of 273

MANAGING INSTALLED SERVICES
• Services are programs (called daemons) that once started run continuously in the
background and are ready for input or monitor changes in your computer and respond to
them. For example the Apache server has a daemon called httpd (the d is for daemon)
that listens on port 80 on your computer and when it receives a request for a page it sends
the appropriate data back to the client machine.
• Many services are required to run all the time however many can be safely turned of for
both security reasons as running unnecessary services opens more doors into your
computer, but also for performance reasons. It may not make much difference but your
computer should boot slightly faster with less services it has to start on boot.
• One of the techniques in every Linux administrator's toolbox to improve security of a box
is to turn off unneeded services.
INTRODUCTION TO systemd and systemctl command in RHEL7/8
Systemd is a system and service manager for Linux operating systems. It is designed to be
backwards compatible with SysV init scripts, and provides a number of features such as
parallel startup of system services at boot time, on-demand activation of daemons, support
for system state snapshots, or dependency-based service control logic. In Red Hat Enterprise
Linux 7, systemd replaces Upstart as the default init system.
Systemd is a replacement to the older traditional "System V init" system . systemd stands for
system daemon. systemd was designed to allow for better handling of dependencies and have
the ability to handle more work in parallel at system startup. systemd supports snapshotting
of your system and the restoring of your systems state, keeps track of processes stored in
what is known as a "cgroup" as opposed to the conventional "PID" method. systemd is now
shipping by default with many popular Linux distributions such as Fedora, Mandriva, Mageia,
Arch Linux, CentOS 7, RHEL 7.0 (Red Hat Enterprise Linux) and Oracle Linux 7.0. systemd refers
to runlevels as targets.
Systemd Description
0 poweroff.target
1 rescue.target
2 multi-user.target
3 multi-user.target
4 multi-user.target
5 graphical.target
6 reboot.target
Page 148 of 273

Service vs systemctl commands
service systemctl Description

service name start systemctl start name.service Starts a service.
service name stop systemctl stop name.service Stops a service.
service name restart systemctl restart name.service Restarts a service.
service name reload systemctl reload name.service Reloads configuration.
service name status systemctl status name.service Check the status of the service
service --status-all systemctl list-units --type Displays the status of
service --all all services.
systemctl is-active name.service Checks if a service is

running.
Chkconfig vs systemctl commands
chkconfig systemctl Description
chkconfig --list name systemctl status name Checks if a service is

enabled
chkconfig service on systemctl enable service Enables a service
chkconfig service off systemctl disable service Disables a service
Systemctl is-enable service Checks if a service is
enabled
LAB WORK:-
To check the status of ftp service “vsftpd”

• To check the status of the above service
#systemctl status vsftpd
Page 149 of 273

To stop the ftp services
• To start the ftp service, the command is
#systemctl stop vsftpd
Reload the ftp services, may be required after doing some change in config file.
• To reload the service, the command is
#service crond reload
To restart the ftp or any service required when reload does not work
• To restart the ftp services, the command will be
#systemctl restart vsftpd
Check the status of the service availability.

• To check the status of the service availability, use
#systemctl status vsftpd
Make the service enable at boot for vsftpd .

• To make the service enable at boot vsftpd service,
#systemctl enable vsftpd.service
Page 150 of 273

Make the service availability disabled for vsftpd
• To make the service availability disabled the command is
#systemctl disable vsftpd.service
To start and enable the service at the same time

#systemctl enable vsftpd --now
To stop and disable the service at the same time

#systemctl disable vsftpd --now
Page 151 of 273

INTRODUCTION TO FIREWALLD
• A firewall is a device that allows multiple networks to communicate with one another
according to a defined security policy. They are used when there is a need for networks
of varying levels of trust to communicate with one another. For example, a firewall
typically exists between a corporate network and a public network like the Internet. It can
also be used inside a private network to limit access to different parts of the network.
Wherever there are different levels of trust among the different parts of a network, a
firewall can and should be used.
• A firewall is a device that allows multiple networks to communicate with one another
according to a defined security policy. They are used when there is a need for networks
of varying levels of trust to communicate with one another. For example, a firewall
typically exists between a corporate network and a public network like the Internet. It can
also be used inside a private network to limit access to different parts of the network.
Wherever there are different levels of trust among the different parts of a network, a
firewall can and should be used.
Page 152 of 273

LAB WORK:
To check the status of firewalld status

#firewall-cmd --state
To check the list of trusted services and ports in firewalld

#firewall-cmd --list-all
To add a service into trusted list permanently

#firewall-cmd --add-service=<service name> --permanent (ex ftp service)
The service will not be updated until reloading of firewall

To reload firewalld service
#firewall--cmd --reload
Page 153 of 273

To remove the service from firewall trusted list permanently
#firewall-cmd --remove-service=ftp –permanent
#firewall-cmd --reload
To add a port into firewall trusted lists permanently

#firewall-cmd --add-port=21/tcp –permanent
#firewall-cmd –reload
To remove a port from firewall trusted lists permanently

#firewall-cmd --remove-port=21/tcp --permanent
Page 154 of 273

To start the firewall permanently
#systemctl start firewalld.service
#systemctl enable firewalld.service
To stop the firewall permanently

#systemctl stop firewalld.service
#systemctl disable firewalld.service
To add or remove multiple services/ports in firewall use following command

#firewall-cmd --add-service=1st service --add-service=2nd service –permanent
#firewall-cmd --add-port=portid/protocol --add-port=portid/protocol –permanent

Page 155 of 273

INTRODUCTION TO COCKPIT IN RHEL8
• The Cockpit is a free and open source web-based server management tool. By default,
Cockpit comes preinstalled on an RHEL 8 server. But, it is not activated. A sysadmin must
enable it. One can see the server in a web browser and perform system tasks with a
GUI/mouse. It is easy to start containers, administer storage or users, configure networks,
and inspect log files on RHEL 8. The Cockpit web interface is user-friendly for new to Linux
users and seasoned sysadmins too.
• Cockpit is a useful Web based GUI tool through which sysadmins can monitor and manage
their Linux servers, it can also be used to manage networking and storage on servers,
containers, virtual machines and inspections of system and application’s logs.
Activating cockpit services:

As mentioned above cockpit tool comes pre-installed in RHEL8 and hence we don’t have
to install any package for it. The only thing we need to do is to activate the services related
to cockpit and allow it through firewall.
It can be observed that while we login into any rhel8 machine, by default it gives a message
on the screen related to cockpit, as shown below.
In order to use cockpit start the service of cockpit and check whether in firewall the services
is allowed or not.
#systemctl enable --now cockpit.socket
Page 156 of 273

Check whether cockpit is allowed in firewall or not. If not, allow cockpit in firewall
By default cockpit is pre-allowed in firewall. If it is not pre-allowed, then it can be added later
by using following commands
#firewall-cmd --add-service=cockpit –permanent
#firewall-cmd –reload
Now then the cockpit services are active and allowed in firewall, we can now access it through
a browser using the following URL
https://<server IP>:9090
Note: Initially it may reflect privacy error, click on Advanced tab and proceed to continue
Page 157 of 273

Type root or any other user credentials to login with
As you can see there are many options which can be explored to do various activities.
Go ahead and explore tabs for more activities, in-fact the many important activities can be
controlled or performed using cockpit.
Page 158 of 273

BACKUP AND RESTORE
• In information technology, a backup or the process of backing up is making copies of data

which may be used to restore the original after a data loss event.
• Backups have two distinct purposes
• The primary purpose is to recover data after its loss, be it by data deletion or corruption.
Data loss is a very common experience of computer users. 67% of Internet users have
suffered serious data loss.
• The secondary purpose of backups is to recover data from an earlier time, according to a
user-defined data retention policy, typically configured within a backup application for
how long copies of data are required.
• Backup is the most important job of a system administrator, as a system admin it is your
duty to take backup of the data every day.
• Many companies have gone out of the market because of poor backup planning.
• The easiest way to back up your files is just copying. But if you have too many files to
backup, copying and restoring may take too long time and it is not convenient. If there is
a tool that can put many files into one file, the world will be better. Fortunately, 'tar' is
used to create archive files. It can pack files or directories into a 'tar' file. It is like WinZip
in Windows, without much compression.
• The gzip program compresses a single file. One important thing to remember about gzip
is that, unlike tar, it replaces your original file with a compressed version. (The amount
of compression varies with the type of data, but a typical text file will be reduced by 70
to 80 percent.)
A Typical scenario of backup and compression using tar and gzip

Backup and Compressing Uncompressing & Restoring
Transferring file to other system
/opt/etc.tar.gz /opt/etc.tar.gz
20 MB
After compressing with gzip
After Unzipping of gzip file

/opt/etc.tar /root/etc.tar
190 MB
After applying tar
After Untaring the file

/etc /root/etc
200 MB
Normal File Back to Normal File
Virtualpath Techno Solutions
Page 159 of 273

LAB WORK:-
To backup the file using tar
• To backup the file using tar the syntax is
#tar –cvf <destination and name to be > < source file>
#tar –cvf /opt/etc.tar /etc
• Check the size of tar file by using du –h <file name > command
#du –h /opt/etc.tar
Apply gzip on tar file and check the size.

• To apply gzip on a tar file, the syntax is
#gzip <file name>
#gzip /opt/etc.tar
• Now check the size of the file
Page 160 of 273

Transfer the file to other system and remove gzip and tar from it and check the size on
every step.
• Let’s transfer the file to other computer using scp
#scp /opt/etc.tar.gz 192.168.10.95:/root/
• Login to the remote system, remove gzip it and check the size.
• To gunzip a file the syntax is
#gunzip <file name>
#gunzip etc.tar.gz
Untar the file and check for the size of the file/directory
• To untar a file the syntax is
#tar -xvf <file name>
#tar –xvf etc.tar
• To un-tar without unzipping, use #tar -zxvf (file name)

• To tar and zip together use #tar –zcvf destination and source.
• To view the content of tar file # tar –tvf filename.
Page 161 of 273

JOB AUTOMATION
Automation with cron
• In any operating system, it is possible to create jobs that you want to reoccur. This process,
known as job scheduling, is usually done based on user-defined jobs. For Red Hat or any
other Linux, this process is handled by the cron service or a daemon called crond, which
can be used to schedule tasks (also called jobs). By default, Red Hat comes with a set of
predefined jobs that occur on the system (hourly, daily, weekly, monthly, and with
arbitrary periodicity). As an administrator, however, you can define your own jobs and
allow your users to create them as well.
• The importance of the job scheduling is that the critical tasks like taking backups, which
the clients usually wants to be taken in nights, can easily be performed without the
intervention of the administrator by scheduling a cron job. If the cron job is scheduled
carefully than the backup will be taken at any given time of the client and there will be no
need for the administrator to remain back at nights to take the backup.
Important Files related to cron and at

• /etc/crontab is the file which contains cron job format
• /var/spool/cron/UserName : contains job scheduled by users
• /etc/cron.deny is the file used to restrict the users from using cron jobs.
• /etc/cron.allow is used to allow only users whose names are mentioned in this file to use
cron jobs. (this file does not exist by default)
• /var/log/cron is the log file for cron jobs
Crontab format
• To assign a job in the Crontab file the format used is the following
Page 162 of 273

Options Description
* Is treated as a wild card. Meaning any possible value.
Is treated as every 5 minutes, hours, days, or months. Replacing the 5 with

*/5
another numerical value will change this option.
Treated as an OR, so if placed in the hours, this could mean at 2, 4, or 6 o-

2,4,6
clock.
Treats for any value between 9 and 17. So if placed in day of month this
9-17
would be days 9 through 17. Or if put in hours it would be between 9 and 5.
Crontab Commands
Command Explanation
crontab –e Edit your crontab file, or create one if it doesn’t already exist.
crontab –l Display your crontab file.
crontab –r Remove your crontab file.
crontab -u If combined with –e, edit a particular user’s Crontab file and
if combined with –l, display a particular user’s crontab file. If
combined with –r, deletes a particular user’s Crontab file
LAB WORK:-
To check the assigned cron jobs of currently logged in user

• To check the cron jobs the command is
#crontab –l
To check the cron jobs of a particular user

• To check a user’s cron jobs, the syntax is
#crontab –l –u <user name>
#crontab –l –u myuser
Page 163 of 273

Setting a job to display the current date for every minute on present console
• To set the above job the steps are
• Check the console on which you are working by following command
#tty
Note: /dev/pts/1 is the console address
• Schedule the task as shown below

#crontab –e and enter the field as shown below and save it as in VI editor
Note: where * means every possible value.
• Restart the cron services

#service crond restart (RHEL6) or #systemctl restart crond (RHEL7)
• Wait for a minute and check whether time is displaying or not. Every min time will be
displayed as below.
Schedule a cron job to create a directory “mydir” under “/root” on “Sunday 22 October at
1:30 AM”
• To schedule above job edit the crontab file as shown below and restart the service
#crontab –e
Note: you can use 0 or 7 for Sunday.

Check whether it got created or not on scheduled day, if it created you can see the directory
otherwise an error mail will be generated to your mail.
Page 164 of 273

Schedule a job to run the backup script “bkpscript.sh” on every “Saturday 12:30 PM”
• In order to schedule above job the steps are.
• Check the location of script and also check whether it is having execute permission or not.
If not then add the execute permissions to all user on it.
• Apply the job in crontab

#crontab –l
Schedule a job so that a user “myuser” should get a mail regarding meeting on 24th, 29th and
31st October at 2:25 PM.
• To set above task edit the crontab in following passion, and restart the service
#crontab –e –u <user name>
#crontab –e –u myuser
#crontab –eu myuser
Schedule a job so that a user “myuser” should get the mail from 15th to 20th and 25th to 30st
November as a reminder of some session at 2:25 PM
• This task is very much similar to the previous one but there is only a small change in
format.
#crontab –e –u myuser
#crontab –eu myuser
• There are still various method you can schedule the cron jobs, Do some R&D on it to find
out more.
Page 165 of 273

Restrict users “myuser” “john” “sam” from using cron jobs
• To restrict any user from using cron job facility, enter their names in /etc/cron.deny and
save it
#vim /etc/cron.deny
• Now login as one of those users and try to use crontab.
• If you want to allow them to use cron job facilities again, remove their names from
/etc/cron.deny file.
Allow only two users “musab” and “rahul” to use cron jobs out of all the users in the system
• Assuming that we have 100 users in our system, putting all 98 names in /etc/cron.deny
file is a time consuming process. Instead of that, we can create one more file
/etc/cron.allow, in which we can assign names of those users who are allowed to use cron
jobs.
• Remove the /etc/cron.deny file and create /etc/cron.allow, still if both files are existing
cron.allow file will be having precedence over cron.deny file. Just to avoid confusion it is
good to remove cron.deny file
Note: /etc/cron.deny file exists by default, but we need to create /cron.allow file. If your
name is not there in cron.allow file then you will not be allowed to use cron jobs, and as
mentioned above, if both files are existing cron.allow file will be having precedence over
cron.deny file. If neither cron.deny nor cron.allow files exists then only root can use cron
jobs.
Page 166 of 273

• Now, let’s put those two users “musab” and “rahul” name in /etc/cron.allow file and
check the results.
#vim /etc/cron.allow
Note: To see man pages on cron job use #man 4 crontabs command
All the above are few examples to use cron, do some constant R&D’s to know more about
it.
Page 167 of 273

ADMINISTRATING REMOTE SYSTEM
• Remote shell Access using SSH

What Is SSH?
There are a couple of ways that you can access a shell (command line) remotely on most
Linux/Unix systems. One of the older ways is to use the telnet program, which is available on
most network capable operating systems. Accessing a shell account through the telnet
method though poses a danger in that everything that you send or receive over that telnet
session is visible in plain text on your local network, and the local network of the machine you
are connecting to. So anyone who can "sniff" the connection in-between can see your
username, password, email that you read, and command that you run. For these reasons you
need a more sophisticated program than telnet to connect to a remote host.
SSH, which is an acronym for Secure SHell, was designed and created to provide the best
security when accessing another computer remotely. Not only does it encrypt the session, it
also provides better authentication facilities.
An unencrypted telnet session An encrypted ssh session

These two diagrams above show how a telnet session can be viewed by anyone on the
network by using a sniffing program like Ethereal (now called Wireshark) or tcpdump. It is
really rather trivial to do this and so anyone on the network can steal your passwords and
other information. The first diagram shows user jsmith logging in to a remote server through
a telnet connection. He types his username jsmith and password C0lts06! which are viewable
by anyone who is using the same networks that he is using.
The second diagram shows how the data in an encrypted connection like SSH is encrypted on
the network and so cannot be read by anyone who doesn't have the session-negotiated keys,
which is just a fancy way of saying the data is scrambled. The server still can read the
information, but only after negotiating the encrypted session with the client.
• SSH configuration file is /etc/ssh/sshd_config

• SSH demon or service is sshd
Page 168 of 273

LAB WORK:-
Accessing the remote machine using ssh
• To access the remote machine using ssh, the syntax is
#ssh <ip address/ host name of remote machine>
Note: hostname can only be used when the hostname is saved in /etc/hosts file or, if
DNS is configured.
#ssh 192.168.10.98
The first time around it will ask you if you wish to add the remote host to a list of known_hosts,
go ahead and say yes.
• Enter the password of the remote system correctly, once logged in check hostname and
ip address to confirm login.
• To leave the session, just type exit or logout command and you will be back to your own
machine through which you are logged in.
Page 169 of 273

Trust Relationship / Password less login using SSH keys
• As a system administrator, one person will be assigned to manage many systems, for
example one person has to manage more than 10 systems at a time. In this situation
admin has to transfer some files from one system to another 9 systems or vice versa, for
every login on remote system it will prompt for password. Even for transferring files for
every transfer we need to enter the password.
• Above situation will be very annoying for system admin to type password for every step.
Therefore SSH provides a best way to escape password prompting every now and then.
• By generating SSH keys, a public key and a private key, an admin can copy the public key
into other system and done, it will work as authorized access from the admin’s system.
Now whenever we are logging from admin’s system to other system in which we have
stored the public key of admin’s system, it will not prompt us for password and we can
login to that system as many time as we want without being prompt for the password.
• SSH keys are an implementation of public-key cryptography. They solve the problem of
brute-force password attacks by making them computationally impractical.
• Public key cryptography uses a public key to encrypt data and a private key to decrypt it.
LAB WORK
Generating SSH key pair
• To generate the SSH key pair, the syntax is

# ssh-keygen
It will prompt above to mention the file where these keys shoud be stored, to keep its default
directory just press “Enter”. The default location will be /root/.ssh/ directory
Now it will ask for passphrase, which will be used instead of password. The passphrase will
only be asked every time you connect from other machine instead of its original password.
Enter your desired passphrase twice, or leave it blank for no passphrase and press enter.
Page 170 of 273

Okay, now our keys are successfully generated, go to /root/.ssh/ directory and check for the
keys.
#cd /root/.ssh
• The id_rsa is a private key and id _rsa.pub is the public key which will be used later to
make password less login.
Copying the public key on Client system

• To copy the server’s public key in client system, the command is
#ssh-copy-id –i <public key location> <clients IP address> (or user @ client IP)
#ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.10.95
Enter the password of the client to proceed, check it on client side whether it is copied or not
Note: Public key can also be copied in a simple way by using

#ssh-copy-id <remote machine address>; ex: ssh-copy-id 192.168.10.95
Page 171 of 273

Move to client machine and check whether the key is copied properly or not
• To check the key navigate to /root/.ssh/ directory and check for authorized_keys file
which will hold all the system which are authorized and will not be asked for password.
#cd /root/.ssh/
#cat authorized_keys
Try login to the client machine using SSH, check whether it is asking for password
• For logging into client machine the procedure is same as shown earlier.
• #ssh 192.168.10.95
Remote file transfer with SCP and RSYNC

SCP (SECURE COPY)
• scp stands for secure cp (copy), which means that you can copy files across an ssh
connection that will be encrypted, and therefore secured. As scp will be using ssh protocol
to transfer the data, hence it is termed as the safest method of transferring data from one
location to another.
LAB WORK:
To copy a file using SCP to remote machine from source location
• We are having a file myfile in “/” directory, in the server linux.mb.com who’s IP is
192.168.10.98, and we need to copy the same in other server’s i.e. cl5.mb.com with an
IP 192.168.10.95, /root directory.
• The syntax for SCP a file from source location.
#scp <file name > <remote hosts IP >:/<location to copy the file >
#scp /myfile 192.168.10.95:/root/
Page 172 of 273

• Now log in to destination system and check whether if the file is there.
To copy a file using SCP from a remote machine being in destination’s location(reverse scp)
• Let’s reverse the previous task, login to cl5 machine whose IP is 192.168.10.95, and
transfer a file from linux machine whose IP is 192.168.10.98
• Let’s first remove the earlier copied file myfile, then copy it again from destination’s
location.
• The syntax for SCP a file from destination location.
#scp <source system’s IP>:/<location of file to be copied> <destination location to copy>
Note: Password will be asked for every transfer if public key is not saved on both locations,
in our case we have already generated and copied the key, hence there is no password
prompts.
To copy a directory using SCP to remote machine from source’s location

• We are having a directory mydir in“/” directory, in the server linux.mb.com who’s IP is
192.168.10.98, and we need to copy the same in other server’s i.e. cl5.mb.com with an
IP 192.168.10.95, /root directory. Then,
• The syntax SCP a directory from source’s location, the syntax is
#scp <option> <dir name > <remote hosts IP >:/<location to copy the directory >
#scp -r /mydir 192.168.10.95:/root/
Page 173 of 273

To copy a directory using SCP from a remote machine being in destination’s location
(reverse scp)
• Let’s reverse the previous task, login to cl5 machine who’s IP is 192.168.10.95, and
transfer a directory mydir from linux machine whose IP is 192.168.10.98
• Let’s first remove the earlier copied directory mydir, then copy it again being in
destination’s location.
• The syntax for SCP a file from destination location.
#scp <option> <source system’s IP>:/<location of file to be copied> <destination
location to copy>
#scp –r 192.168.10.98:/mydir /root/
RSYNC (REMOTE SYNCHRONIZATION)

• rsync is a very good program for backing up/mirroring a directory tree of files from one
machine to another machine, and for keeping the two machines "in sync." It's designed
to speed up file transfer by copying the differences between two files rather than copying
an entire file every time.
• For example, Assume that we are supposed to take the backup of a system and copy the
same to another system. For first time we will copy entire directory, but every day if we
copy entire directory it will kill lots of time. In such situation if rsync is used it will only
copy the updated files/directories rather than copying all files/directories inside main
directory, which saves lots of time and speedup the transfer
• If rsync is combined with ssh it makes a great utility to sync the data securely. If rsync is
not used with ssh, the risk sniffing will always be there.
LAB WORK:-
Copy a directory using SCP, then update it and try rsync with SSH and check if the data is
synced.
• As we have already copy a directory earlier using SCP from linux to cl5 system, let’ s use
it for rsync.
• Update the directory with some files in linux machine
Page 174 of 273

• Check the content of same directory in cl5
• Use rsync to sync the directory on cl5 machine, with the one in linux machine
• The syntax to rsycn a directory is
#rsync <options> <encryption> <source dir> <destination IP>:/<location of destination
dir>
#rsync –rv -e ssh /mydir 192.168.10.95:/root/
Observe that it is only copying the files which are not there in destination’s folder.
Note: If you don’t want to use ssh just remove –e option from above syntax, but the drawback
of it is there will be no encryption
• To compress the data and send it in archive mode use -avz instead of -rv in rsync
Sync a file using rsync with ssh
• Let’s check the file called file1 on both linux and cl5 machines
Page 175 of 273

• Update the file file1 in linux, sync it with rsync to cl5 and check the file again.
• The syntax for syncing a file is
#rsync –avz –e ssh <source file> <destination ip>:/<location of file >
Like this you can use rsync in many ways to transfer the updated file or files/directory to
other system.
Other important things in rsync
• --dry-run : dry-run is used to see the preview of transfer before doing actual transfer
Syntax: rsync –avz –e ssh /mydir 192.168.104.82:/opt --dry-run
• Reverse rsync : reverse rsync is referred to sync folder from destination to source
machine. It is exactly same like reverse scp seen in scp chapter
Syntax: rsync –avz –e ssh 192.168.104.82/opt/mydir /mydir
Where 192.168.104.82/opt/mydir is remote machine directory and /mydir is local
machine directory
Page 176 of 273

SOFTWARE MANAGEMENT
To manage the software in Linux, two utilities are used,
1. RPM – REDHAT PACKAGE MANAGER

2. YUM – YELLOWDOG UPDATER MODIFIED OR DNF- DANDIFIED YUM
RPM –REDHAT PACKAGE MANAGER

RPM is a package managing system (collection of tools to manage software packages). RPM
is a powerful software management tool for installing, uninstalling, verifying, querying and
updating software packages. RPM is a straight forward program to perform the above
software management tasks.
Features:
• RPM can verify software packages.
• RPM can be served as a powerful search engine to search for software’s.
• Components, software’s etc can be upgraded using RPM without having to reinstall
them
• Installing, reinstalling can be done with ease using RPM
• During updates RPM handles configuration files carefully, so that the customization
is not lost.
LAB WORK:-
To check all the installed packages in the system

• To check all the installed packages in the system, the syntax is
• #rpm –qa (where q stands for query, and a stands for all)
Note: The output of above command will be very lengthier.
Page 177 of 273

To check whether a particular package is installed or not
• To check whether a package is installed or not out of the list of installed package, the
syntax is
#rpm –qa <package name> or
#rpm –q < package name>
#rpm –qa vsftpd or #rpm –q vsftpd
• One more method of checking the installed package, when you are not sure about the
package name, like whether it starts with capital letter and full name etc.
#rpm –qa | grep –i < package name>
#rpm –qa |grep –i vsft*
To check whether a package is consistent or not, before installing it. (Testing the
installation)
• To check the package’s consistency,
• Move to the directory where you have kept the rpm package which you wish to install
• The command used to check the package’s consistency is

#rpm –ivh - -test <package name>
Where i = install, v= verbose view, and h = hash progress.
#rpm –ivh - - test finger-0.17-39.el7.i686.rpm
If the installation status shows 100%, then the package is good or consistent.
But while showing the hash progress if it shows any error, then the package is
inconsistent.
Page 178 of 273

To install a package using rpm command and check whether it is installed
properly or not.
• To install the package first we need to be in the directory of the package
• To install the package the syntax is

#rpm –ivh <package name>
#rpm –ivh finger-0.17-39.el6.i686.rpm
• To check whether it is installed or not

#rpm –qa finger
• Check the installed package by using it command; finger is used to check user’s details.
#finger <user name>
#finger myuser
To remove a package or uninstall the package

• To remove a package the syntax is
#rpm –evh < package name>
#rpm –evh finger
Verify it by #rpm –q or rpm –qa command
Page 179 of 273

To see the information about the package before installing
• To see the info about a particular package which is not installed, move to the directory
where you have kept the packages.
• To see the info of a package, the syntax is

#rpm –qip <package name> (where q is for query, i is for install and p is for package)
#rpm –qip finger-0.17-39-el6.1686.rpm
To see the information about the installed package

• To see the information or details about the installed package, the syntax is
#rpm –qi < package name >
#rpm –qi vsftpd
Page 180 of 273

To check the package related to a command
• To check the package of a particular command, first check the installed location of a
command
#which <command name>
#which cat
• Now, use the following command,

#rpm –qf <path of the command>
#rpm –qf /bin/cat
To install a package forcefully

• Before installing a package forcefully, first understand a situation where we need this
force option.
• Let uscorrupt one command and show you how to install its package forcefully.
• First check the package of the command we are going to corrupt. Let say mount command
#which mount, #which date
• Okay, so we know the package of mount let’s copy other commands content over mount
command. Let copy date command’s contents over mount command.
#cp /usr/bin/date /usr/bin/mount
• Now when you run mount command it will show date, that means it is corrupted.
• So, to fix the mount command we need to reinstall its package, let’s install the package
and check whether mount command is fixed or not. Move to the folder where you kept
the packages and install it
#rpm –ivh util-linux-ng 2.17.2-6.el6.i686
Page 181 of 273

It says the package is already installed, check by using mount command whether it is
working fine.
• Oops…!!! It isn’t fixed yet, now to fix it, force installation is to be done, the syntax is
#rpm –ivh <package name > - - force
# rpm –ivh util-linux-ng 2.17.2-6.el7_x86_64 - -force
Okay then, we’ve not only installed the package successfully but we have also fixed the
command. Congratulations.
To see the configuration files of the installed package

• To see the configuration files of the installed package, the syntax is
#rpm –qlc <package name>
Page 182 of 273

To see the directory with which a particular package is associated.
• To see the directory with which a package is associated, the syntax is
#rpm –qld <package name>
#rpm –qld vsftpd
To install a package without installing dependencies

• Some rpm requires some other packages to be installed before it can be installed; this
requirement is termed as ‘dependency’. This means that before installing a package we
need to install the required packages first, so that it can work properly.
• But sometimes we can skip installing the dependency, if we don’t have that dependent
software with us.
• The syntax for it is
#rpm –ivh <package name> - -nodeps
#rpm -ivh util-linux-ng 2.17.2-6.el6.i686 - -nodeps
To update a particular package

• To update a package the syntax is
#rpm –Uvh <package name>
#rpm –Uvh vsftpd -2.2.4
To check the changes are made after installation of package

• First let’s make some changes in the configuration file of a package say vsftpd
#vim /etc/vsftpd/vsftpd.conf
• Now run the following command and check for the result.
It is showing that some changes have been made. Isn’t it cool!!!
Page 183 of 273

YUM – YELLOWDOG UPDATER MODIFIED
• The Yellow dog Updater Modified (YUM) is a package management application for
computers running Linux operating systems.
• Yum is a standard method of managing the installation and removal of software. Several
graphical applications exist to allow users to easily add and remove packages; however,
many are simply friendly interfaces with yum running underneath. These programs
present the user with a list of available software and pass the user's selection on for
processing. It is yum that actually downloads the packages and installs them in the
background.
• Packages are downloaded from collections called repositories, which may be online, on a
network, and/or on installation media. If one package due to be installed relies on another
being present, this dependency can usually be resolved without the user needing to know
the details. For example, a game being installed may depend on specific software to play
its music. The problem of solving such dependencies can be handled by yum because it
knows about all the other packages that are available in the repository.
• Yum will work only from Cantos 5 / Red hat 5 and latest versions of fedora. For Old
releases like RHEL 4 you need to use up2date command to update your rpm based
packages.
• Yum uses a configuration file at /etc/yum.conf
LAB WORK:-
Configuring a YUM server in RHEL6/7
To configure a YUM server the steps are.

• Make sure that vsftpd package is installed, if not install it.
• Copy entire RHEL6/7 DVD to “/var/ftp/pub/rhel” directory, where rhel dir is to made by
us only it is not default dir.
• Make a repo file as “my.repo”in /etc/yum.repos.d directory
• Clean the yum cache and check the package list using yum command
Let’s start with the first step

• Checking the vsftpd package is installed or not.
Page 184 of 273

• If it is not installed, then go to dvd’s mount point and navigate to “Packages” directory
and install it as shown below.
• As we know the mount point of dvd is /media/RHEL_6 (in rhel6) &

/run/media/root/RHEL7 (in rhel7), move to its location and enter intoPackages directory.
As it is already installed, it is not being installed.
Copy entire RHEL7 DVD to “/var/ftp/pub/rhel7” directory, Where rhel7 dir is to be created
manually, it is not a default directory
• First make an directory “rhe7” under /var/ftp/pub
#mkdir /var/ftp/pub/rhel7
• Now copy the RHEL6/7 DVD to /var/ftp/pub/rhel directory with its default permission
#cp –rvfp /run/media/root/RHEL-7.1\ Server.x86_64/* /var/ftp/pub/rhel7
Note:- it will take around 3-5 minutes copy all the data, based on the DVD
• Check the directory after copying is finished.
Okay, then half of our configuration is completed.
Page 185 of 273

Make a repo file as “my.repo”in /etc/yum.repos.d directory
• The file which we make inside /etc/yum.reops.d, will be functioning as the repository
address and configuration file. Create the file with following details.
#vim /etc/yum.repos.d/my.repo
I guess there’s some explanation requires about the fields we have entered.
• [MYREPO] is the repo ID, which will be displayed while using yum repository.
• name is the name given for the repository.
• baseurl is the location of the dvd dump we have made.
• enabled is to enable or disable the repository. The possible value for it is 0 and 1, where
0 means disable and 1 means enabled.
• gpgcheck gpgcheck= GNU privacy guard. gpgcheck used for signature verification from its
central database. If signature verification is successful then you sure about the security. If
you set the value of gpgcheck is 1 then it asks for signature varification else it doesn’t.
• Example of gpgkey in RHEL- RPM-GPG-KEY-redhat-release
Clean the yum cache and check the package list using yum command
• To clear the cache use the following command
#yum clean all
If the configuration is correct, then the following output will be displayed, otherwise there
will be some errors displayed.
• Now let’s check whether our repository is functioning properly or not.

#yum repolist (to list all the repositories in the system)
Start the vsftpd service and make it permanent
Page 186 of 273

Allow ftp in firewalld in rhel7 if it is running
Configure the yum client and check whether yum server is responding to it.
Configuring a yum client is very simple with just three steps.
• Make a repo file /etc/yum.repo.d/ as “mycl.repo”
• Clean the cache and check whether yum server is responding or not
Make a repo file /etc/yum.repo.d/ as “mycl.repo”

• Just make a repo file like we did for server but with only one change in baseurl as shown
below
#vim /etc/yum.repos.d/mycl.repo
Note: - baseurl =ftp://192.168.10.81/pub/rhel refers to the server’s ftp address.
Clean the cache and check whether yum server is responding or not
• Just clean the cache as we have done earlier in server’s configuration.
• Check whether the server is responding to client’s yum request.

#yum repolist
If your output is like this then you have successfully configured a yum client as well.
Congrats!!! Now you can configure as many as clients you want.
Page 187 of 273

INTRODUCTION TO DNF – DANDIFIED YUM FROM RHEL8:
DNF stands for Dandified YUM is a software package manager for RPM-based Linux
distributions. It is used to install, update and remove packages in the Fedora/RHEL/CentOS
operating system. It is the default package manager of Fedora 22, CentOS8 and RHEL8. DNF
is the next generation version of YUM and intended to be the replacement for YUM in RPM-
based systems. DNF is powerful and has robust features than you'll find in yum. DNF makes it
easy to maintain groups of packages and capable of automatically resolving dependency
issues.
Configuring a DNF server in RHEL8
To configure a DNF YUM server the steps are.

• Make sure that vsftpd package is installed, if not install it.
• Copy entire RHEL8 DVD to “/var/ftp/pub/rhel8” directory, where rhel8 dir hast to be
created manually by us only, as it is not default dir.
• Make a repo file as “my.repo”in /etc/yum.repos.d directory
• Clean the yum cache and check the package list using yum command
Let’s start with the first step

• Checking the vsftpd package is installed or not.
• If it is not installed, mount RHEL8 DVD on some mount point and navigate to “Packages”
directory and install it as shown below.
• As we know the mount point of DVD is /media, move to its location and enter into
AppStream/ Packages directory and install vsftpd package using rpm
Page 188 of 273

Copy entire RHEL8 DVD to “/var/ftp/pub/rhel8” directory, Where rhel8 dir is to be created
manually, as it is not a default directory.
Note: make sure around 8 GB space is free in /var to copy the data
• First make an directory “rhel8” under /var/ftp/pub

#mkdir /var/ftp/pub/rhel8
• Now copy the RHEL8 DVD to /var/ftp/pub/rhel directory with its default permission
#cp –rvfp /media/* /var/ftp/pub/rhel8
Note:- it will take around 3-5 minutes copy all the data, based on the DVD
• Check the directory after copying is finished.
Okay, then half of our configuration is completed.
Make a repo file as “my.repo”in /etc/yum.repos.d directory

• The file which we make inside /etc/yum.repos.d, will be functioning as the repository
address and configuration file. Create the file with following details.
#vim /etc/yum.repos.d/my.repo
I guess there’s some explanation requires about the fields we have entered.
• [MYREPO] is the repo ID, which will be displayed while using yum repository.
• name is the name given for the repository.
• baseurl is the location of the dvd dump we have made.
Page 189 of 273

• enabled is to enable or disable the repository. The possible value for it is 0 and 1, where
0 means disable and 1 means enabled.
• gpgcheck gpgcheck= GNU privacy guard. gpgcheck used for signature verification from its
central database. If signature verification is successful then you sure about the security. If
you set the value of gpgcheck is 1 then it asks for signature varification else it doesn’t.
• Example of gpgkey in RHEL- RPM-GPG-KEY-redhat-release
Clean the yum cache and check the package list using yum command
• To clear the cache use the following command
#dnf clean all
If the configuration is correct, then the following output will be displayed, otherwise there
will be some errors displayed.
• Now let’s check whether our repository is functioning properly or not.

#dnf repolist (to list all the repositories in the system)
In order to share files with ftp, make the following changes in ftp config
#vim /etc/vsftpd/vsftpd.conf
Start the vsftpd service and make it permanent
Allow ftp in firewalld, if it is running
Page 190 of 273

Configure the yum client and check whether yum server is responding to it.
Configuring a yum client is very simple with just three steps.
• Make a repo file /etc/yum.repos.d/ as “mycl.repo”
• Clean the cache and check whether yum server is responding or nt
Make a repo file /etc/yum.repos.d/ as “mycl.repo”

• Just make a repo file like we did for server but with only one change in baseurl as shown
below
#vim /etc/yum.repos.d/mycl.repo
Note: - baseurl =ftp://192.168.10.30/pub/rhel8 refers to the server’s ftp address.
Clean the cache and check whether yum server is responding or not
• Just clean the cache as we have done earlier in server’s configuration.
• Check whether the server is responding to client’s yum request.

#yum repolist
Page 191 of 273

If your output is like this then you have successfully configured a yum client as well.
Congrats!!! Now you can configure as many as clients you want
Working with YUM commands
To list the available packages in the repository

• #yum list ( or) #yum list all (or) #yum list |more (to view line wise)
As we have seen the first command, second will also give exactly the same output. Let
us see the third command
#yum list |more or #dnf list |more
To list all the installed packages in the system.

• To view all the installed packages in the system, the syntax is
#yum list installed or #dnf list installed
Page 192 of 273

To check a particular package is installed or not
• To check whether a package is installed or not the syntax is
#yum list installed <package name> or #dnf list installed <package name>
#yum list installed vsftpd or #dnf installed vsftpd
To install a package using yum

• Installing a package using yum does not require full package name as in the case of rpm,
and it also automatically resolves the dependencies as well.
• The syntax for installing a package is
#yum install <package name> or #dnf install <package name>
#yum install dovecot* or #dnf install dovecot* (where * means anything with name
“dovecot”)
It will prompt you for y/n (Yes/No) to continue, type y and continue installing the package
Page 193 of 273

• installing a package without being prompt for y or n, the syntax is
#yum install <package name > -y or # dnf install <package name> -y
#yum install dovecot -y or #dnf install dovecot -y
To remove the package with yum command

• To remove the package using yum command, the syntax is
#yum remove <package name> or #dnf remove <package name>
#yum remove finger –y or #dnf remove <package name>
Page 194 of 273

To update the package using yum
• To update the package using yum command, the syntax is
#yum update <package name> or #dnf update <package name>
#yum update httpd or #dnf update httpd
As there are no updates available for it, it is not showing anything to update
To install a package locally from a folder, pen drive or cd rom

• Move to the package where you have stored the package to be installed
• The syntax for installing a package locally is

#yum localinstall <package name> -y # dnf localinstall <package name>
#yum localinstall finger* -y (or) #yum localinstall finger-0.17-39.el6.i686.rpm –y
#dnf localinstall finger* -y #dnf localinstall finger-0.17-39.el6.i686.rpm –y
Page 195 of 273

To see the information about the package
#yum info <package name> or #dnf info <package name>
#yum info vsftpd or dnf info vsftpd
To list and install a group of packages using yum

• To list the group of package the syntax is
#yum grouplist or dnf grouplist
Page 196 of 273

• To install package group called “Development Tools”, the syntax is
#yum groupinstall <group name> -y or dnf groupinstall ‘group name’
#yum groupinstall ‘Development Tools’ –y #dnf grouplist ‘Development Tools’ -y
Removing a Group package using yum

• To remove a group, the syntax is
#yum groupremove <group name> or dnf groupremove <group name>
#yum groupremove ‘Development Tools’ –y or #dnf groupremove ‘Development Tools’
Other commands with yum :
To reinstall a package
#yum reinstall <package name> -y or #dnf reinstall <package name>
To see group information

#yum groupinfo <group name> or #dnf groupinfo ‘group name’
The software management can be learnt more by using manual pages like man yum or dnf
and also man rpm etc.
Page 197 of 273

MANAGING PROCESS
• A Linux process is a program running in the Linux system. Depending on Linux

distributions, it's also known as service. In Linux community however, a Linux process is
called daemon.
• When you start a program or running an application in Linux, you actually execute that
program. A Linux process (a daemon), running in foreground or in the background, uses
memory and CPU resources. That's why we need to manage Linux process. Keeping
unused Linux process running in the system is a waste and also exposes your system to
security threat.
• In Linux, every running process or daemon is given an identity number called PID (Process
ID). The process id is unique. We can terminate unused program in the system by stopping
its process id.
• In order to manage Linux processes, we need to identify some process information such
as who's responsible for the process, which terminal the process is running from and what
command used to run the process.
There are generally three types of processes that run on Linux.
• Interactive Processes
• System Process or Daemon
• Automatic or batch
Interactive Processes
Interactive processes are those processes that are invoked by a user and can interact with the
user. VI is an example of an interactive process. Interactive processes can be classified into
foreground and background processes. The foreground process is the process that you are
currently interacting with, and is using the terminal as its stdin (standard input) and stdout
(standard output). A background process is not interacting with the user and can be in one of
two states - paused or running.
Page 198 of 273

System Process or Daemon
The second general type of process that runs on Linux is a System Process or Daemon (day-
mon). Daemon is the term used to refer to processes that are running on the computer and
provide services but do not interact with the console. Most server software is implemented
as a daemon. Apache, Samba, and inn are all examples of daemons.
Any process can become a daemon as long as it is run in the background, and does not interact
with the user. A simple example of this can be achieved using the [ls -R] command. This will
list all subdirectories on the computer, and is similar to the [dir /s] command on Windows.
This command can be set to run in the background by typing [ls -R &], and although technically
you have control over the shell prompt, you will be able to do little work as the screen displays
the output of the process that you have running in the background. You will also notice that
the standard pause (ctrl+z) and kill (ctrl+c) commands do little to help you.
Automatic Processes
Automatic processes are not connected to a terminal. Rather, these are tasks that can be
queued into a spooler area, where they wait to be executed on a FIFO (first-in, first-out) basis.
Such tasks can be executed using one of two criteria:
At certain date and time: done using the “at “command
At times when the total system load is low enough to accept extra jobs: done using the Cron
command. By default, tasks are put in a queue where they wait to be executed until the
system load is lower than 0.8. In large environments, the system administrator may prefer
cron job processing when large amounts of data have to be processed or when tasks
demanding a lot of system resources have to be executed on an already loaded system. Cron
job processing is also used for optimizing system performance.
Parent and Child Process

• The Process which starts or creates another process is called parent process and the one
which got created is known as child process.
• Every process will be having a parent process except init/systemd process.
• The init/systemd process is the parent of all the process in the system. It is the first
process which gets started by the kernel at the time of booting
• The PID of init/systemd will be 1.
• Only after init/systemd process gets started the remaining process are called by it, and
hence it is responsible for all the remaining processes in the system.
Page 199 of 273

LAB WORK:-
To monitor the process using ps command

• The ps command gives the running process of the present terminal and present command.
The syntax for ps command is
#ps
To see total number of processes running in the system

• The possible options which can be used with ps command are
#ps –a
To see the processes running by the logged in user (ex root)

• #ps –u <user name>
#ps –u musab
#ps -u ( if no name is given it will show the processes of the logged in user)
To see which process are attached with some terminals (tty) and which are not
• #ps –x
Note: The process which are showing “?” are not attached to any tty, mostly background
processes
Page 200 of 273

To see which process are running by a particular group
• #ps –G <group name> or #pgrep –G <group name>
#ps –G musab or #pgrep –G musab
To see the auxiliary information of all the process, like cpu and memory consumptions
#ps –aux
Signals in Linux
• Signals are a way of sending simple messages to processes. Most of these messages are
already defined and can be found in <linux/signal.h>. However, signals can only be
processed when the process is in user mode. If a signal has been sent to a process that is
in kernel mode, it is dealt with immediately on returning to user mode.
• Every signal has a unique signal name, an abbreviation that begins with SIG (SIGINT for
interrupt signal, for example). Each signal name is a macro which stands for a positive
integer - the signal number for that kind of signal. Your programs should never make
assumptions about the numeric code for a particular kind of signal, but rather refer to
them always by the names defined. This is because the number for a given kind of signal
can vary from system to system, but the meanings of the names are standardized and
fairly uniform.
• Signals can be generated by the process itself, or they can be sent from one process to
another. A variety of signals can be generated or delivered, and they have many uses for
programmers. (To see a complete list of signals in the Linux® environment, uses the
command kill -l.)
Page 201 of 273

• There are total 64 signals in Linux, the list of all the signal can be sen by
#kill –l
Few Important Signals with its descriptions:
The most common signals used are

• 1 for reloading the process
• 9 for killing the process
• 15 for Terminating the process
• 20 for stopping the process
Page 202 of 273

To kill the process completely
• To kill the signal
• First find out the process running in the system, let’s say by a user
#ps –u <user name>
#ps –u musab
#kill <signal no> <process id>
#kill -9 11591
Likewise you can use other signals to kill the process like
#kill -15 <pid>
#kill -1 <pid>
To stop the process using a signal no. 20

• To stop a process first login as a normal user and start a process
#su – musab
#cat > hello
• Check its pid and kill it by using 20, #ps –u musab

#kill -20
• check its effect at the user’s console
• Restart the process continue working

#fg <pid>
#fg 1
Page 203 of 273

Setting up the Priority of a Process
• When talking about processes priority is all about managing processor time. The Processor
or CPU is like a human juggling multiple tasks at the same time. Sometimes we can have
enough room to take on multiple projects. Sometimes we can only focus on one thing at
a time. Other times something important pops up and we want to devote all of our energy
into solving that problem while putting less important tasks on the back burner.
• In Linux we can set guidelines for the CPU to follow when it is looking at all the tasks it has
to do. These guidelines are called niceness or nice value. The Linux niceness scale goes
from -20 to 20. The lower the number the more priority that task gets. If the niceness
value is high number like 20 the task will be set to the lowest priority and the CPU will
process it whenever it gets a chance. The default nice value is zero.
• By using this scale we can allocate our CPU resources more appropriately. Lower priority
programs that are not important can be set to a higher nice value, while high priority
programs like daemons and services can be set to receive more of the CPU’s focus. You
can even give a specific user a lower nice value for all of his/her processes so you can limit
their ability to slow down the computer’s core services.
• There are two options to reduce/increase value of a process. You can either do it using
the nice command or the renice command.
LAB WORK:-
To schedule a priority of a process before starting it

• To set a priority to a process before starting it, the syntax is
#nice –n <nice value range (-20 to 20)> <command>
#nice –n 5 cat > myfile
• Log in to other terminal and check the nice value for the above command/ process.
#ps –elf
Page 204 of 273

To change the nice value of any process while it is running.
• To reschedule the nice value of existing process, first check the PID of that process by
running #ps –elf command.
• As from previous task we know the PID of cat command i.e. 13155
• Use the following command to renice the value of a cat command which is still running
#renice <nice value (-20 to 19)> <PID>
#renice 2 13155
Important monitoring commands

There are four critical resources of the system which is also known as 4 critical bottle neck
1. CPU
2. MEMORY
3. I/O (INPUT OUTPUT)
4. NETWORK
1. CPU: To monitor cpu there are following commands

#ps, sar, lscpu, /proc/cpuinfo
#sar (system activity report)
To see continuous output of sar

#sar 1 (1 sec is the time interval)
To restrict the output for 3 counts for every second

#sar 1 3 (where 1 is time interval and 3 is counts)
Page 205 of 273

To see the details of cpu
#lscpu
#cat /proc/cpuinfo
2. Memory: To monitor memory following commands are used

#free, swapon –s , vmstat, /proc/meminfo
#vmstat
Page 206 of 273

To continuously see the output of vmstat for every 1 second
#vmstat 1
To restrict the output of vmstat to 3 counts with time interval of 1 second

#vmstat 1 3 (where 1 is time interval and 3 is count)
#vmstat –s and #proc/meminfo
Page 207 of 273

3. I/O: To Monitor I/O devices following commands are used
#fdisk, parted, df –h, iostat, lsblk, lsusb, lspci
#iostat : to see the statistic of i/o devices
To continuously repeat the output of iostat every second and to restrict the same for 3
counts
#iostat 1, #iostat 1 3
To see a particular device statistics continuously

#iostat –d <dev name> 1
#iostat –d sda3 1
Page 208 of 273

To restrict the same for 3 counts
#iostat –d <dev name> 1 3 (where 1 is time interval and 3 is counts)
#iostat –d sda3 1 3
4. To monitoring network following commands

#ifconfig, ethtool, mii-tool, ping, netstat , route
To see the network configuration

#netstat
To see interface statistics

#netstat –i
To see routing table

#netstat –rn
Page 209 of 273

Routing table can also be seen by
#route
Monitoring the process using top command

• When you need to see the running processes on your Linux in real time, you have top as
your tool for that.
• top also displays other info besides the running processes, like free memory both
physical and swap
Monitoring all process using top command

• To monitor all processes in the system use the following command
#top
The first line in top:
• “02:23:18″ is the current time; “up 1 day” shows how long the system has been up for;
“3 user” how many users are logged in; “load average: 0.01, 0.00, 0.23″ the load average
of the system (1minute, 5 minutes, 15 minutes).
The second line in top:
• Shows the number of processes and their current state.
The third line in top:
• Shows CPU utilization details. “9.5%us” user processes are using 9.5%; “31.2%sy” system
processes are using 31.2%; “27.0%id” percentage of available cpu; “7.6%wa” time CPU is
waiting for IO.
Page 210 of 273

The fourth and fifth lines in top:
• “543948k total” is total memory in the system; “526204K used” is the part of the RAM
that currently contains information; “17744k free” is the part of RAM that contains no
information; “17748K buffers and 129928k cached” is the buffered and cached data for
IO.
By default, top starts by showing the following task's property:
Field Description
PID Process ID
USER Effective User ID
PR Dynamic priority
NI Nice value, also known as base priority
VIRT Virtual Size of the task. This includes the size of process's executable
binary, the data area and all the loaded shared libraries.
RES The size of RAM currently consumed by the task. Swapped out portion
of the task is not included.
SHR Some memory areas could be shared between two or more task, this
field reflects that shared areas. The example of shared area are shared
library and SysV shared memory.
S Task status
%CPU The percentage of CPU time dedicated to run the task since the last
top's screen update.
%MEM The percentage of RAM currently consumed by the task.
TIME+ The total CPU time the task has been used since it started. "+" sign
means it is displayed with hundredth of a second granularity. By
default, TIME/TIME+ doesn't account the CPU time used by the task's
dead children.
Command Showing program names
Interacting with TOP

Now that we are able to understand the output from TOP lets learn how to change the
way the output is displayed.
Use the following key while running top and the output will be sorted in real time.
• h - help
• M – Sort by memory usage
• P – Sort by CPU usage
• T – Sort by cumulative time
• z – Color display
• L – locate/search a string
• r – to renice a process
• k – Kill a process
• q – quit
Page 211 of 273

To kill the process with PID 21, then press “k” and a prompt will ask you for the PID
number, and enter 21. When asked about singal number give 9 or 15
To renice a process with PID 4, then press “r” and a prompt will ask you for PID enter
4 and press enter. When prompted for renice value give any value .
Find out more on top command from internet and keep practicing
Page 212 of 273

NFS (NETWORK FILE SYSTEM/SHARING)
• NFS stands for Network File System, and is a way to share files between machines as if
they were on your local hard drive. Linux can be both an NFS server and an NFS client,
which means that it can export filesystems to other systems, and mount filesystems
exported from other machines.
• For example NFS server could be a Linux system and UNIX could be a client. But it can’t
be a window system because windows is not NFS compatible. The NFS server exports one
or more directories to the client systems, and the client systems mount one or more of
the shared directories to local directories called mount points. After the share is mounted,
all I/O operations are written back to the server, and all clients notice the change as if it
occurred on the local filesystem.
• A manual refresh is not needed because the client accesses the remote filesystem as if it
were local. Because access is granted by IP address, a username and password are not
required. However, there are security risks to consider because the NFS server knows
nothing about the users on the client system.
A Typical view of the NFS structure in Linux/Unix system
Profile for NFS:
• Package : nfs-utils
• Daemons : nfs-server.service
rpc.nfsd, rpc.mountd, rpc.statd, rpc.lockd, rpc.rquotad
• Port number : 2049
• Configuration File : /etc/exports
• Other imp files : /var/lib/nfs/etab, /var/lib/nfs/rmtab
Page 213 of 273

Steps to configure NFS server:
Step1: check and if needed install the NFS package using yum or rpm.
Step2: Create a on partition and add some data in it.
Step3: Export the directory by editing /etc/exports file and using exportfs command
Step4: Restart the services and make it permanent.
Step1: Install the NFS package.

• Check whether the package is installed
#rpm –q nfs-utils
• If it is not installed use following command to install it

#yum install nfs-utils* -y
Step2: Create a directory or create a partition and mount it and make a mount point and
add data to it.
• Create a partition, format it and mount it, access the mount point and add data to it
#fdisk /dev/vda create a partition
• Update the partition table and format it

#partx –a /dev/vda or #partprobe /dev/vda
#mkfs.ext4/xfs /dev/vda13
• Create a directory and mount the partition over it and also make it permanent in
/etc/fstab
Page 214 of 273

• Access the mount point and add some data in it
Step3: Export the directory by editing /etc/exports file and using exportfs command
• Edit the /etc/exports file
#vim /etc/exports
Mount Options
Dir name Network range permission sync the disk before command completion
/mydir : Name of the directory to be exported

192.168.106.0/24 : Range of network where directory can be mounted
To give permission to only one node, just give the IP
ADDR
Of that node (ex: 192.168.106.93)
(rw, sync) : Mount options
The Mount options which can be used
rw : Sets read/write permissions

ro : Sets read-only permissions
sync : Specifies that all changes must be written to disk before a
Command completes
no_wdelay : Forces the writing of changes immediately (useful for logs if
Something crashes)
root_squash : Prevent root user’s privilege
• Now run the exportfs command to export the directory

#exportfs –avr
Options:
-a Exports or un-exports all directories
-r Reexport all directories
-u Unexports one or more directories
-v Provides verbose output
Page 215 of 273

Step4: Start the services and make it permanent.
• #systemctl start nfs-server.service
• #systemctl enable nfs-server.service
Check the directories which is exported in /var/lib/nfs/etab and /var/lib/nfs/rmtab
• Note: Add the nfs in firewalld trusted services

• #firewall-cmd --add-service=nfs --permanently
• #firewall-cmd –reload
Client side configuration for NFS mounting

Step1: Check and Install the NFS package if not installed
Step2: Start the NFS services
Step3: Check which directory is exported for this machine using showmount command
Step4: Make a directory and mount the NFS dir over it.
Step5: Add some data to it and check the same is updated on server side.
Step1: Check and Install the package for NFS

#rpm –q nfs-utils
It will be already installed, if it is not installed use yum install nfs-utils* -y
Page 216 of 273

Step2: check and start the NFS services and make it permanent.
• #systemctl start nfs-server.service
• #systemctl enable nfs-server.service
Step3: Check which directory is exported for this machine using showmount command
• To check the exported directories from server the syntax is
#showmount –e <server ip address>
Note: At first it may show such error, due to firewall blocking some important services on
server side. To resolve it login to server and allow following services in firewall.
• #firewall-cmd --add-service=rpc-bind --permanent
• #firewall-cmd --add-service=mountd --permanent
• #firewall-cmd –reload
Now try showmount -e , it would be working fine
Page 217 of 273

Step4: Make a directory and mount NFS over it.
• #mkdir /nfscl
• #mount –t nfs 192.168.106.81:/mydir /nfscl
• To make it permanent mount edit /etc/fstab file as follows
Auto-mounting the NFS directory

• All the resources of the server is valuable and needs to be available for usage, when we
mount a NFS directory over client the network resource gets busy, even when the work
is finished the network resource will still be busy as mounting occupy it.
• Autofs automatically mounts file systems for you when they are requested. This has a
very handy feature: It's great for handling removable media. Just CD to the right
directory, or execute ls or do anything that sends a request to the mount point: and the
daemon mounts it. After all, it's the kind of job that's beneath the dignity of a human
being First; you need to install the "autofs" package. It should include some appropriate
config files. The files you need is /etc/auto.master
• There are two types of Auto-mounting

 Direct and Indirect Auto-mounting
1. Direct Auto-Mounting:
In direct mounting for each partner server a mount point (dir) needs to be created.
For example if there are 10 nfs share to be mounted at client side, there must be 10
directories created and managed manually.
2. Indirect Auto-Mounting:
In this type of mounting for all NFS server shares, only one mother directory needs
to be created and for each server a sub-directory will be automatically created and
used for mounting.
Note: Before going for Auto-mounting remove all kind of mounting done previously
Page 218 of 273

Steps to configure Indirect auto-mount at client side
Step1: Log into client side and check whether autofs is install or not, if not install autofs
• Check whether autofs is install or not
#rpm –q autofs
• if it is not installed, install it by using yum or rpm

#yum install autofs* -y
Step2: Edit the /etc/auto.master as follows

#vim /etc/auto.master
Standby time
Dir to mount NFS auto mount configuration file for this mount point
Step3: Create /etc/auto.nfs file and /nfscl directory if not created earlier
• #vim /etc/auto.nfs
Name to be used for sub-dir Permissions NFS server and directory name
Step4: Start/Restart the autofs service and make it permanent

• #systemctl start/restart autofs
• #systemclt enable autofs
Step5: log into the given directory given in /etc/auto.master i.e. /nfscl and check that if NFS
is mounted by mount command
Note: Still NFS dir will not be mounted on the client side
Page 219 of 273

Step6: change the directory to the name given in /etc/auto.nfs i.e. 81 and then auto
mounting will be done.
#cd 81
#ls
Steps to configure Direct auto-mount at client side

Step1: Edit the auto.master file as follows
Standby Time
Direct mount auto mount configuration file for this mount point
Step2: Edit /etc/auto.nfs file and /nfscl directory if not created earlier
• #vim /etc/auto.nfs
Path of the directory to be used Permissions NFS server and directory name
Step3: Reload the autofs services

• #systemctl reload autofs
Step5: log into the given directory given in /etc/auto.master i.e. /nfscl and check that if NFS
is mounted by mount command
Page 220 of 273

Steps for removing NFS
Step1: Remove all autofs details from all configuration files like /etc/auto.master and
/etc/auto.nfs
Step2: Delete the entries of the NFS share you want to remove, from /etc/exports on the
server and un-export all the directory which was exported earlier using following command
• # exportfs –auv
Note: - if you don’t have DNS and still want to use hostname instead of IP, update
hostname with its ip in /etc/hosts file and then you can use hostname instead of IP
To check ports and protocol on nfs server from client side, the following commands can be
used
#rpcinfo –p <server ip>
Finally we are done with all the NFS practical. Do hands on practice on it, as it is important
in real world
Page 221 of 273

SAMBA SERVER
• The whole point of networking is to allow computers to easily share information. Sharing
information with other Linux boxes, or any UNIX host, is easy—tools such as FTP and NFS
are readily available and frequently set up easily “out of the box”. Unfortunately, even the
most die-hard Linux fanatic has to admit the operating system most of the PCs in the world
are running is one of the various types of Windows. Unless you use your Linux box in a
particularly isolated environment, you will almost certainly need to exchange information
with machines running Windows. Assuming you're not planning on moving all of your files
using floppy disks, the tool you need is Samba.
• Samba is an implementation of a Common Internet File System (CIFS, also known as SMB)
protocol server that can be run on almost every variant of Unix in existence. Microsoft
clients will use this protocol to access files and printers located on your Unix
box just as if it were a native Windows server.
• Samba allows linux computers to share files and printers across a network connection. By
using its SMB protocol, your linux box can appear in Windows Network Neighborhood or
My Network Places just like any other windows machine. You can share files this way, as
well as printers. By using samba on my home network, for example, my Windows
machines have access to a printer directly hooked up to my Linux box, and my Linux box
has access to a printer directly hooked up to one of my Windows machines. In addition,
everyone can access everyone else's shared files. You can see how samba can be very
useful if you have a network of both Windows as well as Linux machines.
Page 222 of 273

Profile for SAMBA:
Usage : used for sharing files and directories in the network

Between different platforms, like Linux-windows
Package : SAMBA, SAMBA-common, SAMBA-client.
Daemons : smbd, nmbd
Port no : 137 (net bios –ns{name service}), 138 (net bios–dgm
{Datagram}), 139 (net bios-ssn {session service}),
445 (Microsoft –ds {dist sys})
File system : CIFS (common internet file system)
Config file : /etc/samba/smb.conf
Sample file : /etc/samba/smb.conf.example
Steps to configure SAMBA server
Step1: Check and Install the SAMBA package, if not installed

#rpm –q samba
• Install the package using yum

#yum install samba* -y
Page 223 of 273

Step2: Make a directory and assign full permission to it, which will be shared
• #mkdir /samba
• #chmod 777 /samba
.
Step3: Check the context of the directory and change it according to samba
• #ls –ldZ /samba
• #chcon –t samba_share_t /samba
Step4: Create a user or use any existing user who will be allowed to log in as samba user,
add that user to samba user
• As we have a existing user “myuser”, let’s just make it samba user
#smbpasswd –a <username>
#smbpasswd –a myuser
Give password twice and wait till it add the user
Note: To delete a user from samba use #smbpasswd –x <user name>
• To check all the samba user use

#pdbedit –L
Step5: Go to the sample configuration file i.e. /etc/samba/smb.conf.example and copy the
last paragraph as shown below
• Open the /etc/samba/smb.conf and paste the copied paragrah shown below and edit
it.
Page 224 of 273

• Once pasted remove “;” mark before it and change it according to following picture
Explanation about the above fields

• [myshare] : Share Name
• Comment = Public Stuff : Comment
• Path = /samba : Share Directory
• Public = no : Public Access (Every user in network)
• Valid user = myuser : Authorized user
• Writable = yes : Write Permission
• Printable = no : Print permission
• Host allow= 192.168. : Network Range or host range
Note: Use 192.168.10. To allow only 192.168.10 network, in our case we have allowed any
machine in 192.168. Network
Step5: Test the samba parameters and restart the service and make it enable after reboot
• To test the parameters us the following command
#testparm
Page 225 of 273

• Start the services and make it permanent by enabling it.
#systemctl start smb; systemctl enable smb
#systemctl start nmb; systemctl enable nmb
Step6: Add samba service in firewall in RHEL7
Windows as a samba client:
To connect from windows to the samba server, Right click on My Computer icon select
Page 226 of 273

• Give the address of samba server as “\\192.168.10.93\ktshare(sharename), press on
finish to continue.
It will prompt for user name and passwd, give samba user and passwd and click on OK
• A window will be opened, start adding some data to it from both sides
Page 227 of 273

Linux as a SAMBA Client
• Log into Linux machine and check how many samba servers are there in your network
#findsmb
• Check the share name of that samba server by using following command
#smbclient –L //192.168.10.93
when prompted for passwd just press enter without giving any passwd
Page 228 of 273

• To connect to the samba server use the following syntax
#smbclient //<server IP>/<share name> -U <User name>
#smbclient //192.168.10.93/myshare –U myuser
• To mount the SAMBA directory on remote Linux client

• Make sure cifs-utils package is installed, if not install it first before using mount
command.
• The syntax for mounting samba share is as follows
#mount –t <type of fs> //<server IP address>/<share name> /<mount point> -o user=
<user name>.
#mount –t cifs //192.168.10.93/myshare /mnt –o user=myuser
Note: To learn how to make samba permanent mount and auto-mount visit my website
http://musab.in/2014/02/making-samba-permanent-and-auto-mount-in-linux/
Page 229 of 273

DNS (Domain Name System) SERVER
Domain Name System
The Domain Name System (DNS) is the crucial glue that keeps computer networks in harmony
by converting human-friendly hostnames to the numerical IP addresses computers require to
communicate with each other. DNS is one of the largest and most important distributed
databases the world depends on by serving billions of DNS requests daily for public IP
addresses. Most public DNS servers today are run by larger ISPs and commercial companies
but private DNS servers can also be useful for private home networks.
Like the telephone system, every device attached to the Internet has a unique number, its IP
address. Also like the telephone system there is a directory services to help you find those
numbers called DNS.
If you have someone's name and address you can call a directory services, give them the
details you know and they will (usually) give you the telephone number to call them. Likewise,
if you know a server's host name (maybe http://www.google.co.in/) you can give that name
to a DNS server and it will give you the IP address of that server.
Page 230 of 273

The format of a domain name
Like a physical address, Internet domain names are hierarchical (only a little stricter), so while
your address might look like:
House name: TM Residency

Ameerpet
Town: Hyderabad
County: Telangana
Country: India
An Internet domain name looks like:

Host name www
Domain google
Second level domain co
Top-level domain In
A database is made up of records and the DNS is a database. Therefore, common resource
record types in the DNS database are:
• A - Host's IP address. Address record allowing a computer name to be translated into
an IP address. Each computer must have this record for its IP address to be located.
These names are not assigned for clients that have dynamically assigned IP addresses,
but are a must for locating servers with static IP addresses.
• PTR - Host’s domain name, host identified by its IP address
• CNAME - Host’s canonical name allows additional names or aliases to be used to locate
a computer.
• MX - Host’s or domain’s mail exchanger.
• NS - Host’s or domain’s name server(s).
• SOA - Indicates authority for the domain (Start of Authority)
• TXT - Generic text record
• SRV - Service location record
• RP - Responsible person
• HINFO - Host information record with CPU type and operating system
The package which is used in Linux for performing DNS activity is BIND (Berkeley Internet
Name Domain)
Page 231 of 273

Profile for DNS Server
Usage : To Resolve IP into hostname and vice-versa
Package : bind, caching-name
Daemon : named
Port : 53
Configuration File : /etc/named.conf, /etc/named.rfc1912.zones
Document root : /var/named/
Step by Step configuration of DNS server
Step1: Check and Install the package for DNS

• The package which is to be installed for DNS is bind and caching
#rpm –q bind
• To install the package use yum or rpm command
Page 232 of 273

Step2: Update the /etc/hosts file with the server’s ip address, and change the hostname
with fully qualified domain name.
• Change the hostname by adding fully qualified domain name

#hostnamectl set-hostname mlinux3.vpts.com
Note:- change the hostname on all clients by making it FQDN
• Update /etc/hosts on DNS server with hostname and IP address

#vim /etc/hosts
Step3: Edit the configuration file “/etc/named.conf

• Edit the /etc/named.conf file with our name server’s IP address and network range for
clients.
#vim /etc/named.conf
Note: Need to add our systems details in highlighted lines
Where 192.168.10.31 is our Name server’s IP Address

And 192.168.10.0/24 is the network‘s range from where clients can query the Name
server. If you want it be open for all network, your “any” instead of network addr.
Page 233 of 273

Step4: Edit the other zone configuration file i.e. “/etc/named.rfc1912.zones
• To add the details of the zones i.e. forward lookup zone and reverse lookup zone we
need to edit the /etc/named.rfc1912.zones file as shown below
#vim /etc/named.rfc1912.zones
Copy the following 11 lines and paste it at the end of the file
Once pasted, edit the fields as follows
Where “vpts.com” is the name of the domain

And “10.168.192.in-addr.arpa” is the reverse order of our domain network.
“my.flz” is the name of the forward lookup zone file and...
“my.rlz” is the name of the reverse lookup zone file.
Note: extensions like flz or rlz are not required it is only used here to demonstrate
forward and reverse zones
Step5: Navigate to /var/named/ directory and create a forward and reverse zone files.
• Navigate to /var/named/ directory and copy the named.localhost file with its
permissions as my.flz and edit it.
#cd /var/named
#cp –p named.localhost my.flz
Page 234 of 273

• Edit my.flz file as follows
• Copy again named.localhost, this time as my.rlz or copy my.flz to my.rlz to avoid re-
typing common entries in both files, and edit it as shown below.
#cp –p my.flz my.rlz
#vim my.rlz
Step6: check whether the zone files are consistent or not

• To check the consistency of zone files the command is
#named-chkzone <domain name> zone file
#named-chkzone my.com my.flz (if you are not in named dir give absolute path)
#named-chkzone network addr my.rlz
Page 235 of 273

Step7: Restart the appropriate services
• Start the named service and make it permanent
#systemctl start named; systemctl enable named
Step8: Add DNS in firewall trust services to avoid blockage by firewall

#firewall-cmd --add-service=dns --permanent
Step9: Add the address of DNS server in /etc/resolv.conf on server side

• Edit the /etc/resolv.conf and add the IP of DNS server
#vim /etc/resolv.conf
Okay, now we’ve done with DNS server configuration, check whether it is resolving IP to
hostname and hostname to IP using various commands.
• Using dig command to check the DNS resolution
• Check with giving hostname of server
#dig <FQDN> of server/#dig mlinux3.vpts.com
Page 236 of 273

• Check with giving IP of hostname
#dig –x 192.168.10.30
• Check the same with client’s IP and Host name

#dig mlinux4.vpts.com
• With IP address:
#dig –x 192.168.10.40
Page 237 of 273

Using ping to test the resolution
• Try pinging with hostname both server and client
#ping –c2 mlinux4
Using host command to check resolution

• Checking the DNS resolution with host command for both server as well as clients
#host <hostname>
#host mlinux3
#host mlinux4
• Using host command with IP address of server as well as client

#host 192.168.10.3
#host 192.168.10.4 (or) 5, 6 any client
Using nslookup command to check the DNS resolution

• Use nslookup command with server and clients hostname and check it
#nslookup mlinux2
#nslookup mlinux3
Page 238 of 273

• Check the same thing with IP addresses
#nslookup 192.168.10.30
#nslookup 192.168.10.40
Client side configuration for DNS

• Log into any client machine and add the DNS server’s information in /etc/resolv.conf
file.
#vim /etc/resolv.conf
• Now check with any of the options used previously like dig, ping, host or nslookup for
dns resolution
Do the same for every client and check it with various commands on every client
Also make sure that hostname should Fully Qualified Domain Name.
Page 239 of 273

MAIL SERVER
Electronic mail is one of the best way to communicate for computer users anywhere in the
world. If I wanted to write an email message to my friend who is sitting somewhere in the
world, I simply open up my outlook-click on compose-type my friends email address in the
“to box-mention” the subject-draft the message-attach files (if needed)-click on send. That’s
it. This is what I do to send an email to my friends. Not only me, all the computer users will
do the exact same thing. But for most of the time i didn’t know how the mail flow takes place.
How the transfer takes place and how will it reach the recipient and the intermediate process
and so on....
There are a few new keywords we need to look into......

1. Mail User Agent
Mail User Agent: MUA is the email client which we use to create-draft-send emails. Generally
Microsoft Outlook, Thunderbird, Kmail and so on....... are examples of MUA’s
2. Mail Transfer Agent
Mail Transfer Agent: Message, Mail transfers between sender(s) and recipient(s) will take
place between the MTA’s. Exchange, Qmail, Sendmail, PostFix and so on.... are example of
MTA’s
Mail Delivery Agent: It is an agent which is responsible for delivery of mail to the devices like
laptop, desktop, mobiles and tabs etc. lmtp, pop3, imap4 etc., are the examples of MDA
SMTP
Simple Mail Transfer Protocol will transfer the mails between the MTA’s
Let’s take a deeper look into this with a small example. The below picture will depict how mail
flow takes place between sender and recipient.
Page 240 of 273

From the above picture, when the sender clicks on Send in his MUA, the mail will be
transferred to the MTA of the sender which exists in the Mail server of the Sender. The MTA
of the sender will check for the recipients address (MX records-Mail Exchange Records) and if
it finds the recipients address then the mail will be flowed from Senders MTA to Recipient
MTA using the SMTP via TCP Port 25. Once the Recipients MTA receives the email, it will be
transferred to MUA of recipient. Once the Recipient Clicks on the Send/Receive button then
the email will be once click away from him residing in his inbox.
In addition to the above processes there is another agent called as MDA-Mail delivery agent.
MDA will receive the email from the MTA and will deliver it the the recipients MUA.
Profile for MAIL server
Usage : To send and receive emails

Package : Postfix, Dovecot
Configuration file : /etc/postfix/main.cf, /etc/dovecot/dovecot.conf
Port no : 25 – SMTP (Simple Mail Transfer Protocol)
Daemon : postfix, dovecot
Lab Work:
Pre-requisite: DNS should be configured and server as well as client should be participant
of it
Step 1: Check the hostname of the system
#hostname
Step 2: Install the Packages
Note: Most probably postfix will be pre-install, so only dovecot is needed to be installed
Step 3: Search and Edit the configuration file /etc/postfix/main.cf as shown:

#vim /etc/postfix/main.cf with following line numbers
Step 4: Edit the configuration file /etc/dovecot/dovecot.conf as shown

#vim /etc/dovecot/dovecot.conf ; line no. 24
Page 241 of 273

Step 5: Start/Restart the services and make them permanent
#systemctl restart postfix; systemctl enable posfix
#systemctl start dovecot; systemctl enable dovecot
Step 6: Allow smtp in firewall as below
Step 7: Add the following entries with the MX record in DNS

#vim /var/named/my.flz (forward zone)
Step 8: Reload the named service
Client side configuration for RHEL machine

Step1: Make the following change in /etc/postfix/main.cf
Note: Line no. varies from rhel6, 7 and 8 versions.
Step2: Restart the postfix service
Page 242 of 273

Step 3: Allow smtp in firewall as below
Send the mail from one machine to other as following:

#mail -s (subject) user@hostname
#mail -s TESTMAIL root@mlinux4.com
Check the mail que, to see if the mail has flown out or not
#mailq
Note: If mailq is empty, that means the mail has been sent
Check the mailbox on destination server, whether mail is received

#mail
Read the mail number 1 and reply
Reply it using “r” key
Page 243 of 273

Check back on first Machine whether it received a mail back or not
#mail
Also test mails from between two different clients to test Relay host functionality.
To delete the mails stucked in mailq use the following comand

#postsuper -d ALL
Note: If internet connection is available and you have a registered domain on internet,
then you can send the mails directly to any mail address in the world, but unregistered
domains mail will be rejected..
That’s it, keep working
Page 244 of 273

WEB SERVER (APACHE)
• Every Web site sits on a computer known as a Web server. This server is always
connected to the internet. Web servers are computers that deliver (serves up) Web
pages. Every Web server has an IP address and possibly a domain name.
• A web server can mean two things - a computer on which a web site is hosted and a
program that runs on such a computer. So the term web server refers to both
hardware and software.
• A web server is what makes it possible to be able to access content like web pages or
other data from anywhere as long as it is connected to the internet. The hardware
houses the content, while the software makes the content accessible through the
internet.
• The most common use of web servers is to host websites but there are other uses like
data storage or for running enterprise applications. There are also different ways to
request content from a web server. The most common request is the Hypertext
Transfer Protocol (HTTP), but there are also other requests like the Internet Message
Access Protocol (IMAP) or the File Transfer Protocol (FTP).
Page 245 of 273

How a Web Server Works
A simple exchange between the client machine and Web server goes like this:
1. The client's browser dissects the URL in to a number of separate parts, including address,
path name and protocol.
2. A Domain Name Server (DNS) translates the domain name the user has entered in to its IP
address, a numeric combination that represents the site's true address on the Internet (a
domain name is merely a "front" to make site addresses easier to remember).
3. The browser now determines which protocol (the language client machines use to
communicate with servers) should be used. Examples of protocols include FTP, or File Transfer
Protocol, and HTTP, Hypertext Transfer Protocol.
4. The server sends a GET request to the Web server to retrieve the address it has been given.
For example, when a user types http://www.example.com/1.jpg, the browser sends a GET
1.jpg command to example.com and waits for a response. The server now responds to the
browser's requests. It verifies that the given address exists, finds the necessary files, runs the
appropriate scripts, exchanges cookies if necessary, and returns the results back to the
browser. If it cannot locate the file, the server sends an error message to the client.
5. The browser translates the data it has been given in to HTML and displays the results to the
user.
Page 246 of 273

Profile for Apache Server
Use : Hosting a web site.
Package : httpd
Port : 80/http
Configuration File : /etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/ssl.conf
Sample Config File : /usr/share/doc/httpd/httpd-vhosts.conf
Configuration directory : /etc/httpd/conf.d
Document Root : /var/www/html
Daemon : httpd
Steps to configure a simple web server

Step1: Install the package
• The package for apache web server is httpd.
#yum install httpd* -y
Step2: Copy a sample file to /etc/httpd/conf.d folder and edit it.

• #cp /usr/share/doc/httpd/httpd-vhosts.conf /etc/httpd/conf.d/msw.conf
• Edit the copied file

• #vim /etc/httpd/conf.d/msw.conf
Keep these lines in file and edit it with your preferences.
Page 247 of 273

• Edit the file as below
Step2: Navigate to the document root folder i.e. /var/www/html/ and create an
index.html file which will be accessed through a web browser
• #vim /var/www/html/index.html
Step3: Start the service and enable it in boot configuration

#systemctl start httpd; systemctl enable httpd
Step3: Allow http in firewall trusted list
Step4: Access the Server via web browser like Firefox, etc.
• Open Firefox web browser and type the IP Address of the web server
http://192.168.106.81
Page 248 of 273

Same thing with hostname
• http://mlinux1.my.com
• (note: the client must be integrated with DNS, to get this thing work)
• To open the website from command line use the following command
#curl <IP/HOSTNAME of web server>
#curl 192.168.106.81
Also Try #elinks --dump 192.168.10.95 and check the output
DNS configuration to get the feel of “www”

• Open the DNS configuration file and add the canonical name as “www”, so that we can
use our domain as full fledge website.
#vim /var/named/my.rlz
• Restart the DNS services

#systemctl restart/reload named
Page 249 of 273

• Okay! now we are ready, point the browser to the address as follows
www.my.com
Note: This will only work in your DNS range, from others who are not in DNS use ip
addresses
To create an Alias/other page in the same website

• Navigate to the document root i.e. /var/www/html/ and create a folder
• Create an index.html
• Open the configuration file /etc/httpd/conf.d/msw.conf and add a line as alias

#vim /etc/httpd/conf/httpd.conf (RHEL6)
#vim /etc/httpd/conf.d/httpd-vhosts.conf (RHEL7)
• Reload the httpd service

#systemctl reload httpd
Page 250 of 273

• Open the Firefox web browser and type the following url
http://192.168.106.81/2 or http://mlinux1.my.com/2
Redirecting the page to other website:

• Redirecting is to take the visitor to other website while they visit a particular page in
our website
• To redirect a website, navigate and open the configuration file of http i.e.
/etc/httpd/conf.d/msw.conf and add the following line in it at the end.
#vim /etc/httpd/conf.d/msw.conf
• Reload the httpd service

• Take a browser and type the following website address

http://192.168.106.81/3 and it will take you to unixmate’s website
After pressing enter it will redirect to the following website
Page 251 of 273

Virtual Web hosting
Virtual hosting is a method for hosting multiple domain names on a server using a single IP
address. This allows one server to share its resources, such as memory and processor cycles,
in order to use its resources more efficiently.
Port based Hosting:
• The default port number for HTTP is 80. However, most web servers can be configured to
operate on almost any port number, provided the port number is not in use by any other
program on the server.
• For example, a server may host the website www.example.com. However, if the owner
wishes to operate a second site, and does not have access to the domain name
configuration for their domain name, and/or owns no other IP addresses which could be
used to serve the site from, they could instead use another port number, for
example, www.example.com:81 for port 81, www.example.com:8000 for port 8000,
or www.example.com:8080 for port 8080.
Steps to configure a port based web hosting

Step1: Make a directory for port based web hosting in document root i.e. /var/www/ say
port.
#mkdir /var/www/port
Step2: Navigate to port directory and create an index.html file there
Step3: Navigate to /etc/httpd/httpd.conf and copy the old file i.e., msw.conf with new
name for new website
#cd /etc/httpd/conf.d/httpd
#cp msw.conf port.conf
#vim /etc/httpd/conf.d/port.conf
Page 252 of 273

Step4: Reload the httpd service
• Allow the port no 8080 in firewall in RHEL7
Open Firefox and type http://192.168.106.81:8080
Name Based Virtual web Hosting

• Name-based virtual hosts use multiple host names for the same web server IP address.
• With web browsers that support HTTP/1.1 (as nearly all now do), upon connecting to a
webserver, the browsers send the hostname from the address that the user typed into
their browser's address bar along with the requested resource itself to the web server.
The server can use the Host header field to determine which web site (or virtual host), as
well as page, to show the user. The browser specifies the address by setting the Host HTTP
header with the host specified by the user. The Host header is required in all HTTP/1.1
requests.
• For instance, a server could be receiving requests for two domains, www.example.com
and www.example.net, both of which resolve to the same IP address. For www.example.com,
the server would send the HTML file from the directory /var/www/user/Joe/site/, while
requests for www.example.net would make the server serve pages
from /var/www/user/Mary/site/.
• Example: A blog server can be hosted using Name base hosting. blog1.example.com
and blog2.example.com
Page 253 of 273

Steps to configure name based web hosting:
Step1: Make a directory in document root i.e. /var/www/ with some name say “ktname”
#mkdir /var/www/name
• Add an index page in it

#vim /etc/var/www/name/index.html
Step2: Update the DNS zone configuration files with the new hostname of the web server
#vim /var/named/my.flz
#vim /var/named/my.rlz
• Reload the DNS services

#systemctl reload named
Page 254 of 273

Step5: Navigate to /etc/httpd/httpd.conf and copy the old file i.e., port.conf with new name
for new website
#cd /etc/httpd/conf.d/httpd
#cp port.conf name.conf
Step6: Reload the httpd services

http://prod.my.com now it will navigate to our name based web page

Note: Use the client which is the DNS network to resolv the name.
Page 255 of 273

CONFIGURING HTTPS SERVER USING SELF-SIGNED CERTIFICATE
What is HTTPS?
Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary
protocol used to send data between a web browser and a website. HTTPS is encrypted in
order to increase security of data transfer. This is particularly important when users transmit
sensitive data, such as by logging into a bank account, email service, or health insurance
provider.
Any website, especially those that require login credentials, should use HTTPS. In modern web
browsers such as Chrome, websites that do not use HTTPS are marked differently than those
that are. Look for a green padlock in the URL bar to signify the webpage is secure. Web
browsers take HTTPS seriously; Google Chrome and other browsers flag all non-HTTPS
websites as not secure.
How does HTTPS work?
HTTPS uses an encryption protocol to encrypt communications. The protocol is called

Transport Layer Security (TLS), although formerly it was known as Secure Sockets Layer (SSL).
This protocol secures communications by using what’s known as an asymmetric public key
infrastructure. This type of security system uses two different keys to encrypt
communications between two parties:
1. The private key - this key is controlled by the owner of a website and it’s kept, as the
reader may have speculated, private. This key lives on a web server and is used to
decrypt information encrypted by the public key.
2. The public key - this key is available to everyone who wants to interact with the server
in a way that’s secure. Information that’s encrypted by the public key can only be
decrypted by the private key.
Why is HTTPS important? What happens if a website doesn’t have HTTPS?

HTTPS prevents websites from having their information broadcast in a way that’s easily
viewed by anyone snooping on the network. When information is sent over regular HTTP, the
information is broken into packets of data that can be easily “sniffed” using free software.
This makes communication over the unsecure medium, such as public Wi-Fi, highly vulnerable
to interception. In fact, all communications that occur over HTTP occur in plain text, making
them highly accessible to anyone with the correct tools, and vulnerable to on-path attacks.
With HTTPS, traffic is encrypted such that even if the packets are sniffed or otherwise
intercepted, they will come across as nonsensical characters. Let’s look at an example:
Page 256 of 273

Before encryption:
This is a string of text that is completely readable
After encryption:
ITM0IRyiEhVpa6VnKyExMiEgNveroyWBPlgGyfkflYjDaaFf/Kn3bo3OfghBPDWo6AfSHlNtL
8N7ITEwIXc1gU5X73xMsJormzzXlwOyrCs+9XCPk63Y+z0=
In websites without HTTPS, it is possible for Internet service providers (ISPs) or other
intermediaries to inject content into webpages without the approval of the website owner.
This commonly takes the form of advertising, where an ISP looking to increase revenue injects
paid advertising into the webpages of their customers. Unsurprisingly, when this occurs, the
profits for the advertisements and the quality control of those advertisements are in no way
shared with the website owner. HTTPS eliminates the ability of unmoderated third parties to
inject advertising into web content.
Steps to configure SSL based website:
1. Install httpd openssl mod_ssl packages using yum or dnf
Note: in this case httpd and openssl are already installed during httpd server configuration.
2. Create an self-signed SSL certificate and RSA private key to be used for securing website
#openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
Note: answer the questions asked to complete certificate and key creation
Page 257 of 273

Check in the current folder you are, the key and certificate will be available
3. Copy cert file and key file in following locations
4. Add the key and certificate location in /etc/httpd/conf.d/ssl.conf file
5. Create a configuration file for a new website in /etc/httpd/conf.d folder
[root@mlinux4 ~]# vim /etc/httpd/conf.d/myweb.conf

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
ServerName www.myweb.com
DocumentRoot /var/www/html/myweb
</VirtualHost>
6. Create a new directory in /var/www/html with the name myweb to hold website data
and create index.html file.
7. Start the service of httpd and make it enabled to be started at boot time automatically
Page 258 of 273

8. Add http https and or port 443 in firewall to allow access
9. Try connecting from a browser using name or IP of the website

https://192.168.10.40 or https://www.myweb.com (name can be used if dns or
/etc/hosts file is updated on client side
Click on Advanced and proceed
Page 259 of 273

For video tutorials of the following topics please visit my
blog http://www.musab.in
http://musab.in/2018/03/configuring-proxy-and-dhcp-on-centos-rhel7/
Page 260 of 273

SQUID PROXY SERVER
A proxy server is one that receives requests intended for another server and that acts on the
behalf of the client (as the client proxy) to obtain the requested service. It is often used when
the client and the server are incompatible for direct connection. For example, the client may
be unable to meet the security authentication requirements of the server but may be required
to access some services. It may also be used for screening purposes to enable the
administrator to control access to undesirable sites. The proxy server may also be used for
caching purposes, which enables faster access to frequently used websites. All the computers
connected to the LAN access the Internet through a single IP address, resulting in improved
security simply because the number of ports exposed is reduced.
Profile for Squid proxy server
Use : To Share Internet, Restrict unwanted websites.

Package : squid
Port : 3128 (default)
Configuration Files : /etc/squid/squid.conf
Daemon : squid
Page 261 of 273

Configuring a proxy server for internet sharing:
Step1: Check and Install the squid package
Step2: Edit the configuration file for squid i.e. “/etc/squid/squid.conf”, Add the network
range from where the clients can connect to proxy server.
#vim /etc/squid/squid.conf
Step3: Start the squid services and make it permanent

#systemctl start squid; systemctl enable squid (RHEL7)
Step4: Allow the squid service in firewall in RHEL7
Page 262 of 273

Client side configuration for receiving internet:
Step1: Open Browser, ex: firefox, go to edit/tool  Preferences
Step2: Go to Advanced  Network and select Settings
Step3: Enter the proxy server ip and port number as shown below
Page 263 of 273

Step4: Type the website address to see is it connecting
Blocking websites through proxy:-

Step1: Go to the configuration file, /etc/squid/squid.conf and add the following
parameters.
Step2: Restart/Reload the squid services (preferably reload)
Step3: Check with the browser can you access www.hotmail.com through your browser
Page 264 of 273

Blocking multiple sites using proxy:
Step1: Create a file in /etc/squid with any name and add the phrase of the website, which
you want to block
#vim /etc/squid/block
Step2: Add the same file info in configuration file, i.e., /etc/squid/squid.conf
Step4: Go to client browser and check wether the sites are being blocked
Page 265 of 273

Changing the default port of Proxy:
Step1: By default the port no. for proxy is 3128, which can be changed by making a small
change in the configuration file as shown below and change it to 8000.
Step3: Allow the new port into firewall
Step4: Go to client’s browser and check whether with default port, i.e. 3128, whether it is
allowing internet or not.
Page 266 of 273

Step 4: change the port to 8000 and check whether internet is allowed or not.
Step6: Try again by refreshing the page and it would certainly work
Note: Squid Proxy is only the basic proxy, to learn more on proxy google for the third party
tools like; Squidguard, Untangle and Smoothwall. There is lot to do with squid, try doing
google and read the /etc/squid/squid.conf for more information.
Page 267 of 273

DHCP SERVER
What is DHCP?
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to
automatically assign an IP address to a computer from a defined range of numbers (i.e., a
scope) configured for a given network.
DHCP allows a computer to join an IP-based network without having a pre-configured IP

address. DHCP is a protocol that assigns unique IP addresses to devices, then releases and
renews these addresses as devices leave and re-join the network.
Internet service providers usually use DHCP to help customers join their networks with
minimum setup effort required. Likewise, home network equipment like broadband
routersoffers DHCP support for added convenience in joining home computers to local area
networks (LANs).
Page 268 of 273

How does DHCP works?
The “DORA” process in DHCP
DHCP assigns an IP address when a system is started, for example:
1. A user turns on a computer with a DHCP client.

2. The client computer sends a broadcast request (called a DISCOVER or
DHCPDISCOVER), looking for a DHCP server to answer.
3. The router directs the DISCOVER packet to the correct DHCP server.
4. The server receives the DISCOVER packet. Based on availability and usage policies set
on the server, the server determines an appropriate address (if any) to give to the
client. The server then temporarily reserves that address for the client and sends
back to the client an OFFER (or DHCPOFFER) packet, with that address information.
The server also configures the client's DNS servers, WINS servers, NTP servers, and
sometimes other services as well.
5. The client sends a REQUEST (or DHCPREQUEST) packet, letting the server know that
it intends to use the address.
6. The server sends an ACK (or DHCPACK) packet, confirming that the client has a been
given a lease on the address for a server-specified period of time.
When a computer uses a static IP address, it means that the computer is manually
configured to use a specific IP address. One problem with static assignment, which can
result from user error or inattention to detail, occurs when two computers are configured
with the same IP address. This creates a conflict that results in loss of service. Using DHCP to
dynamically assign IP addresses minimizes these conflicts.
Page 269 of 273

Profile for DHCP server
Usage : To assign IP’s to the computers in the network dynamically.

Package : Dhcp
Configuration file : /etc/dhcp/dhcpd.conf
Port no : 67, 68
Daemon : dhcpd
Note: Pl watch the video tutorial to configure dhcp server on my website using following
url
http://musab.in/2018/03/configuring-proxy-and-dhcp-on-centos-rhel7/
Configuring a DHCP server:
Step1: Check whether the package is installed or not
Step2: Install the package using yum,
Step3: Copy the example file for dhcp configuration over dhcp configuration file,
i.e., /etc/dhcp/dhcpd.conf
Page 270 of 273

Step4: Open the configuration file and edit it as per the requirement.
Subnet : The subnet of the network

Netmask : The netmask of the network
Range : The range of IP address to be assigned to the clients, in short
“Scope”
Option routers : gateway address (optional)
Default-lease-time : The minimum lease time of the ip assigned to the clients
Max-lease-time : The maximum lease time of the IP assigned to the clients
Step5: Make sure the dhcp server contains same range static IP as follows
Step6: Start/Restart the dhcp services and make it permanent
Step 7: Allow dhcp in firewall
Page 271 of 273

Client side configuration for DHCP:
RHEL6 as a client
Step1: Make the dhcp option enabled in network configuration using #setup command.
Step2: Restart the network services and check the IP address is in dhcp scope.
Step3: Check the IP address using #ifconfig command
Page 272 of 273

RHEL7 as a client
Step1: Make the dhcp option enabled in network configuration using nmcli command
#nmcli con mod ens#(connection name) ipv4.method auto (dhcp)
Step2: activate the connection

#nmcli con up <con-name>
Step3: Check the IP address using #ifconfig command
Make the same changes in all the clients to get the dynamic IP.
Page 273 of 273

Ansible
Automation
for Linux
Admin
By Musab Syed
[REDHAT CERTIFIED]

Contact/whatsapp: +91 799 309 6092
musabsyd@gmail.com
Website: www.virtualpathtech.com, www.musab.in
ANSIBLE AUTOMATION FOR LINUX ADMINS LAB MANUAL:
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness
is implied.
Our Address:
VirtualPath Techno Solutions:
Phone or WhatsApp:+91 799 309 6092

E-mail : musabsyd@gmail.com
FOREWORD
Words to the Students
Though we have taken utmost efforts to present you this book error free, but still it may contain
some errors or mistakes. Students are encouraged to bring, if there are any mistakes or errors
in this document to our notice. So that it may be rectified in the next edition of this document.
This document provides good information on every topic and lab practices. This could become
more effective if equally good practice is done. I urge the readers/students to do rigorous practice to
polish your skill sets.
You can reach us on the following email address
info@virtualpathtech.com
musab@virtualpathtech.com
musabsyd@gmail.com
Go through our website and blog

www.virtualpathtech.com
www.musab.in
OTHER COURSES AT
VIRTUALPATH
LINUX 8 ADMINISTRATION
LINUX CLUSTERS
DEVOPS AWS
NETAPP &
OPENSTACK IBM &EMC SAN
NETAPP CLUSTER
ORACLE DBA, RAC IBM AIX, POWER

VMWARE
& GOLDEN GATE HA, LPAR VIO
SHELL SCRIPTING And Many More...
Table of Contents
1. Introduction ….......................…..…………………………………………………………………… 05-06

2. Installation of ANSIBLE using EPEL repository ……………………………………………….. 07-08
3. SETTING UP CONTROLLER/MASTER SERVER .…………………………………………………. 09-10
4. UNDERSTANDING THE CORE COMPONENTS….………………………………….…………... 11-19
5. Ansible Modules …………………………………………………………….………………………...... 20-23
6. Ansible plays and playbooks………………..……………………………………………………..…. 24-24
7. ANSIBLE VARIABLES WITH YAML …………..………………………………………………………. 25-35
8. ANSIBLE FACTS ……………………………………………………………………….………….…………. 36-40
9. CONFIGURING ANSIBLE MANAGED NODES……………………………………………………. 41-45
10. USEFUL SYSTEM ADMIN TASKS USING ANSIBLE PLAYBOOK……………………………. 46-54
ANSIBLE AUTOMATION FOR LINUX ADMIN
INTRODUCTION:
According to the official definition on docs.ansible.com, Ansible is an IT
automation tool. It can configure systems, deploy software, and orchestrate
more advanced IT tasks such as continuous deployments or zero downtime
rolling updates.
Ansible’s main goals are simplicity and ease-of-use. It also has a strong focus on
security and reliability, featuring a minimum of moving parts, usage of OpenSSH
for transport (with other transports and pull modes as alternatives), and a
language that is designed around auditability by humans–even those not
familiar with the program.
What it means is that it lets you manage software installations, updates,

configurations and tasks within your environment. Managing a huge
environment that have various LINUX, windows, and cloud and virtualization
instances can be managed in an automated way.
Page 5 of 54
Ansible was developed by Michael DeHaan and acquired by Red Hat in 2015.
The latest version of ansible is 2.10 and stable version is 2.9
The other tools which are similar to ANSIBLE are chef, puppet, salt etc. The thing
that makes ansible different from others is ANSIBLE is an agent less tool, which
does not required any special agent to be installed and running on client sides.
Usually ANSIBLE uses SSH to connect and manage UNIX/LINUX systems and
WINDOWS remote management and using PowerShell execution. It is
developed on python and most Ansible modules are written in Python, including
the ones central to letting Ansible work.
Ansible is installed and configured on LINUX and it is used as central control

station or master node. For non-linux users ansible came up with Ansible Tower,
a web based UI tool to control ansible without the need of linux command line.
Page 6 of 54
Installation of ANSIBLE using EPEL repository
To install ansible on a CENTOS OR Red Hat OS, we need to configure EPEL

(Extra Package of Enterprise Linux) repository which provides ansible package.
Note: Make sure the machine is able to connect to internet.
In the labs we are going to work with RHEL 8.3 or CentOS 8.3
1 machine as control node and 4 machines as managed hosts.
MHOST1
MHOST2
ANSIBLE
CONTROLLER OR
MASTER NODE
MHOST3
MHOST4
On Controller node login and configure EPEL repository using following

command.
# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-
8.noarch.rpm -y
Or
#dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-
8.noarch.rpm -y
Page 7 of 54
Check the status of repositories by using repolist command, make sure BaseOS
and Appstream local repositories are also configured in addition to EPEL.
[root@ansible-c ~]# dnf repolist
repo id repo name
AppStream RHEL8_LOCALREPO-APPSTREAM
BaseOS RHEL8_LOCALREPO-BASEOS
epel Extra Packages for Enterprise Linux 8 - x86_64
epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64
Check whether ansible is installed on this machine so far or not

[root@ansible-c ~]# rpm -q ansible
package ansible is not installed
As local and EPEL both repositories are configured, its time now to install ansible
[root@ansible-c ~]# dnf install ansible –y
Check ansible version and configuration details after installation

[root@ansible-c ~]# rpm -q ansible
ansible-2.9.18-1.el8.noarch
[root@ansible-c ~]# ansible --version

ansible 2.9.18
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules',
'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Aug 18 2020, 08:33:21) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
It’s confirmed now that ansible is installed perfectly on master/controller node.
Page 8 of 54
SETTING UP CONTROLLER/MASTER SERVER
In this course we are going to use 1 machine as controller node or master with
4 managed nodes/hosts.
MHOST1
192.168.10.10/24
ANSIBLE MHOST2
CONTROLLER OR
MASTER NODE 192.168.10.20/24
Ansible-c
192.168.10.5/24
MHOST3
192.168.10.30/24
MHOST4
192.168.10.40/24
Configure /etc/hosts with all nodes IP and hostname for name resolution
#vim /etc/hosts
192.168.10.5 ansible-c.example.com master
192.168.10.10 mhost1.example.com mhost1
To verify the resolution use getent or ping command

[root@ansible-c ~]# getent hosts mhost1
[root@ansible-c ~]# getent hosts mhost2

[root@ansible-c ~]# getent hosts
Page 9 of 54
SETTING UP SSH BASED PASSWORD LESS LOGIN:
• Setup password less login or SSH based trust relationship from control node
and managed hosts.
• To setup SSH based password logins, either you can copy id_rsa.pub key
manually or using a “for loop” to automate your work.
• First of all we need to generate SSH Key pair as root user using ssh-keygen
command
Copying SSH public keys on all managed hosts using for loop
[root@ansible-c ~]# ls .ssh
id_rsa id_rsa.pub
[root@ansible-c ~]# for i in 1 2 3 4
> do
> ssh-copy-id mhost$i
> done
Now check ssh connectivity to managed hosts

[root@ansible-c ~]# ssh mhost1
[root@mhost1 ~]#
[root@mhost1 ~]#exit
[root@ansible-c ~]#
Do the same for all clients
Page 10 of 54
UNDERSTANDING THE CORE COMPONENTS
OF ANSIBLE CONFIGURATION
Introducing Ansible core components

• Ansible Configuration Files - Defines various default values to be used by
Ansible. Almost all default values can be overwritten in ansible ad-hoc
commands and playbooks.
• Ansible Inventories - Defines hosts and groups of hosts on which ansible
operates.
• Ansible Modules - Module is small python program which is designed to
execute specific task on ansible managed nodes or local node.
• Ansible Variables - Variables used in playbook.
• Ansible Facts - Represent data about remote systems gathered by Ansible
which can be used in playbooks as variables. Ansible facts are also very
important for conditional playbook execution.
• Ansible Plays - Ansible play basically defines target hosts and specific task(s)
to be executed on target hosts. Ansible play is written in YAML.
• Ansible Playbooks - List of ansible plays
Ansible Config file:

• Different Ansible settings can be configured using Ansible configuration file
named as ansible.cfg.
• When installing ansible using package manager (dnf or yum) , configuration
file is found at path /etc/ansible which is system wide directory.
• Ansible configuration file can be present at multiple locations as described
below and they are searched in same order.
ANSIBLE_CONFIG Environmental variable

ansible.cfg In current working directory
~/.ansible.cfg User’s home directory
/etc/ansible/ansible.cfg System wide default directory
Ansible searches for configuration file in the above order. Config file found first
is considered and others are simply ignored
Page 11 of 54
Lab Exercise:
1. Create a user ansible and logged in as ansible user on control node

[root@ansible-c ~]# useradd ansible
[root@ansible-c ~]# echo redhat |passwd ansible --stdin
Changing password for user ansible.
passwd: all authentication tokens updated successfully.
[root@ansible-c ~]#
[root@ansible-c ~]# su - ansible
[ansible@ansible-c ~]$ whoami
Ansible
2. Check ansible config file status #ansible --version

[ansible@ansible-c ~]$ ansible --version
ansible 2.9.18
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/ansible/.ansible/plugins/modules',
3. Create a file in /tmp with name anisble.cfg

Create a file in /home/ansible with name ansible.cfg
Finally create a hidden file /home/ansible with a name .ansible.cfg
Export a variable ANSIBLE_CONFIG=/tmp/ansible.cfg
[ansible@ansible-c ~]$ whoami
ansible
touch /tmp/ansible.cfg
[ansible@ansible-c ~]$ pwd

/home/ansible
[ansible@ansible-c ~]$ touch ansible.cfg

[ansible@ansible-c ~]$ touch .ansible.cfg
[ansible@ansible-c ~]$ export ANSIBLE_CONFIG=/tmp/ansible.cfg
[ansible@ansible-c ~]$ ansible --version

ansible 2.9.18
config file = /tmp/ansible.cfg
configured module search path = ['/home/ansible/.ansible/plugins/modules',
Page 12 of 54
4. Un-export the variable and check the status of config, delete each file created
and check the status of config file escalation.
Note: check /etc/ansible/ansible.cfg file for more information
Some Important Default Settings of Ansible

Below is list of important defaults which are used by Ansible if we don’t define
them in ansible.cfg file considered by Ansible.
[ Defaults ]
Option /Directive Default Value/Behaviour Explanation
Name
inventory /etc/ansible/hosts Default inventory file, ansible looks for
this file by default
remote_port 22 By default SSH port 22 is used to
connect, can be changed to desired if
required
forks 5 By default, Ansible starts 5 forks or
actions at a time, this can also be
changed
roles_path /etc/ansible/roles Ansible looks for roles in this directory
Page 13 of 54
gathering Implicit By default, Facts are always gathered
unless we set this directive to explicit in
config file.
module_name Command Default module is command module
which can be changed to some other
module.
Sample config file for a specific user
A different settings can be set as per user requirement using ansible.cfg

Let’s say
• Location of ansible inventory file
• Location of roles directory
• User to be used to connect to remote hosts
• Enabling/Disabling privilege escalation and other settings
A sample config file looks like this

vim /home/ansible/tasks/ansible.cfg
[defaults]
inventory = /home/ansible/tasks/hosts
roles_path = /home/ansible/tasks/roles
remote_user = ansible
[privilege_escalation]
become = yes
become_user = root
become_method = sudo
become_ask_pass = False
ANSIBLE INVENTORIES
• Ansible inventory file defines the hosts to be managed by ansible. Different
managed hosts can be grouped together in different groups.
• Ansible ad-hoc commands and playbooks are executed on inventory hosts
defined on command line and in playbook, respectively.
• Host and group specific variables are also defined in inventory file.
• Ansible inventory file default path is defined in ansible configuration file.
• Ansible inventory file can be defined in INI, YAML or JSON format. Most used
format is INI format.
• Ansible inventory file name is not a standard name, you can define any file in
ansible config file to be used as ansible inventory e.g. hosts or inventory or
mhosts.
Page 14 of 54
An Example of Ansible Inventory file in INI format
vim /home/ansible/tasks/hosts
[mygroup1]
host1
host2
192.168.10.10
host1.example.com
host[3:5]
[mygroup2]
webserver.example.com
db.example.com
Lab Exercise:
1. Add the all the hosts name in default inventory file /etc/ansible/hosts
[root@ansible-c ~]# vim /etc/ansible/hosts
## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
# Here's another example of host ranges, this time there are no

# leading 0s:
## db-[99:101]-node.example.com
[mygroup]
mhost1
mhost2
mhost3
mhost4
:wq!
2. Now run ansible command list hosts from ‘mygroup’ group

[root@ansible-c ~]# ansible mygroup --list-hosts
hosts (4):
mhost1
mhost2
mhost3
mhost4
3. Re-edit the /etc/ansible/hosts file in the form of range

root@ansible-c ~]# vim /etc/ansible/hosts
[mygroup]
mhost[1:4]
:wq!
Page 15 of 54
4. Now check the hosts list in different ways as shown below
[root@ansible-c ~]# ansible mygroup --list-hosts
hosts (4):
mhost1
mhost2
mhost3
mhost4
[root@ansible-c ~]# ansible my* --list-hosts
hosts (4):
mhost1
mhost2
mhost3
mhost4
5. Let’s do a ping test to check connectivity to all hosts using ping module
[root@ansible-c ~]# ansible mygroup -m ping or [root@ansible-c ~]# ansible my* -m ping
mhost1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
"ansible_facts": {
},
"changed": false,
"ping": "pong"
}
"ansible_facts": {
},
"changed": false,
"ping": "pong"
}
"ansible_facts": {
},
"changed": false,
"ping": "pong"
}
To see condensed one liner output

[root@ansible-c ~]# ansible mygroup -m ping -o
mhost1 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"},"changed": false,"ping":
"pong"}
"pong"}
"pong"}
"pong"}
Page 16 of 54
6. Edit the config file as shown below and observe the results of ping test
[root@ansible-c ~]# vim /etc/ansible/ansible.cfg
[root@ansible-c ~]# ansible mygroup -m ping -o

"pong"}
"pong"}
"pong"}
"pong"}
Note: This time ping test will be one at a time, due to fork value =1
7. Restore fork value back to 5, comment the line, re-test the ping test and observe the
result in output
8. Same way change the remote_port = 222 and see whether it will be able to connect
remote hosts in ping command or not. Restore back to original value and comment back
after test.
Ansible Host and Group variables (Example)
vim /home/ansible/tasks/nodes
[mygroup1]
host1 ansible_user=ansible ansible_port=222
host2
192.168.10.10
host1.xyz.com
host[3:5]
[mygroup2]
webserver.xyz.com
db.xyz.com
[mgroup2:vars]
ansible_user=ansible
Page 17 of 54
Lab Exercise:
1. Create host groups and test with ansible command
[mygroup1]
mhost1 ansible_user=ansible ansible_port=222
mhost2
[mygroup2]
mhost[3:4]
[mygroup2:vars]
ansible_user=ansible
:wq!
Perform ping test with all hosts
Observe mhost1 is trying to connect via port 222
Go back to hosts file and remove ansible_port variable
Observe mhost1 is trying to connect with ansible user
Now test mygroup2 and observe group vars is working
Change group variable value to root user and ping test again
[mygroup2:vars]
ansible_user=root
[root@ansible-c ~]# ansible mygroup2 -m ping -o

mhost4 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-
python"},"changed"
mhost3 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-
python"},"changed"
Page 18 of 54
Organizing Host and Group Variables
Up till now we have learnt how we can mention host and group variables
in inventory files. In this chapter we will learn we can organize hosts and group
variables by putting them in a separate files for specific host and group.
Organizing variables is a cleaner approach when you have many hosts (or host
groups) in inventory file. To organize them, we must create directories with
name host_vars and group_vars at the same path where inventory file is
present.
To define host vars:

Create file with same as that of host (for example mhost1) under host_vars
directory and specify host vars specific to that host in this file.
For Example:
vim /etc/ansible/hosts/host_vars/mhost1 (Valid extensions are .yml,.yaml, .json and
no extension)
---
ansible_user: ansible
ansible_port: 222
:wq
To define group vars:

Create file with same name as that of group name and specify group vars in this
file.
Note: You must create directories with standard names host_vars and
group_vars to specify host and group specify variables. Also, you must create
these directories at path where inventory file is present.
For more information

visit https://docs.ansible.com/ansible/2.3/intro_inventory.html
Page 19 of 54
ANSIBLE MODULES
Modules (also referred to as “task plugins” or “library plugins”) are discrete units
of code that can be used from the command line or in a playbook task. Ansible
executes each module, usually on the remote target node, and collects return
values. Basically, a module is a command or set of similar Ansible commands
meant to be executed on the client-side.
Commonly used Modules are:

Most used modules are:
• ping
• setup
• yum
• yum_repository
• service
• package
• systemd
• cron
• lvg
• lvol
• parted
• template
• fetch
• register
• user
• group
• authorized_key
• lineinfile
• firewalld
• nmcli
• sefcontext
• selinux
• command
• file
• filesystem
• mount
• debug
• and many others
To check details about any module use #ansible-doc –l
Page 20 of 54
• To view only windows related modules
#ansible-doc -l |grep ^win
• To view non-windows modules
#ansible-doc -l |grep -v ^win
• To view file modules to manipulate files
#ansible-doc -l |grep -v ^win |grep ^file
Or
#ansible-doc -l |grep ^file
• To copy files modules

#ansible-doc -l |grep ^copy (same way go for lvol, yum, dnf etc)
• To view detailed help about a module

#ansible-doc -l <module name> (for e.g ping, copy, file, yum etc)
To get detaiedl information about a module

#ansible-doc <module name>
e.g.
#ansible-doc ping
#ansible-doc copy
#ansible-doc user
Ansible ad-hoc Commands

Ansible ad-hoc commands are the simplest way to execute some command
on a bunch of servers. Ad-hoc commands are not stored for future uses but
represent a fast way to interact with the desired servers. For example -To
Shutdown/Restart remote host or to quickly verify some configuration.
Syntax of ad-hoc command is:

#ansible [pattern] -m [module] -a “[module options]”
Examples of some ad-hoc commands are shown below:

ansible mhost1 -m command -a “cat /etc/hosts” To display hosts file of mhost1
ansible mhost2 -m copy -a “src=/etc/hosts To copy hosts file to /tmp/hosts_bkp file on
dest=/tmp/hosts_bkp” mhost2
ansible mhost3 -m file -a “path=/tmp/test To create test file on mhost3
state=touch”
ansible mhost4 -m user -a “name=ansible To create user ansible on mhost4
state=present”
Page 21 of 54
We must keep in mind ad-hoc command would be successfully executed if user
we are using has permissions to perform that action. For example, normal user
cannot create user, so we must execute command to create user as root user.
If default remote_user is normal user as defined in ansible.cfg, the use --become

flag to execute command on remote host with sudo provided remote host must
be configured to allow to use sudo for this user.
ansible mhost4 -m user -a “name=ansible state=present” –become
Lab Exercise:
Make sure that ansible hosts file has proper hosts added as shown below
[root@ansible-c ~]# tail /etc/ansible/hosts
# Here's another example of host ranges, this time there are no

# leading 0s:
[mygroup1]
mhost[1:2]
[mygroup2]
mhost[3:4]
Check connectivity using ansible all –m ping command before proceeding
1. Reading a file on mhost1 using ansible ad-hoc command

#ansible mhost1 –m command –a “cat /etc/hosts”
2. To read a particular file on all managed hosts

#ansible all –m command –a “cat /etc/fstab”
3. To read a particular file on all nodes, with 1 fork at a time

# ansible all –m command –a “cat /etc/fstab” –f 1
4. To copy a file/dir on a specific host

#ansible mhost2 -m copy -a "src=/etc/hosts dest=/tmp/hosts_bkp"
Note: Repeat one more time and check status color ( as it is alredy copied, it won't overwrite it)
5. Creating a new file on a specific host

Check if file is there or not
#ansible mhost3 -m file -a "path=/tmp/test state=file" (for dir state=dir)
Page 22 of 54
6. Creating a file
#ansible mhost3 -m file -a "path=/tmp/test state=touch"
7. Check the presence of file

#ansible mhost3 -m file -a "ls -l /tmp/test" (or -a "cat /tmp/test)"
8. Creating a user on a specific host

#ansible mhost4 -m user -a "name=test state=present" (to remove
state=absent)
9. To check user details

#ansibe mhost4 -m user -a "id test" Or #ansible mhost4 -a "id test"
Note: Always use #ansible-doc <module name> for details to use that module
Page 23 of 54
ANSIBLE PLAYS AND PLAYBOOKS
Ansible playbook is a set of plays you want to execute on remote machines. A

play consist of the tasks we want to perform on client machine(s). A typical
playbook will have instructions like, hosts on which the play has to be performed
with what user privilege and tasks to be performed using different modules on
remote clients.
If Ansible modules are the tools in your workshop, playbooks are your
instruction manuals, and your inventory of hosts are your raw material. Ansible
playbooks are written in YAML format which is human readable and this makes
ansible easy to use and understand than other programming languages.
A typical playbook consists of following elements
Hosts To define target of play and other directives like remote_user ,become,
gather_facts etc
Vars To define variables
Tasks To define list of tasks to be executed
handlers To define some task to be executed on successful change due to some other
task in tasks section
roles Roles to be included in the play
Ansible Playbook format example in YAML

---
- hosts: mhost1
become: True
tasks:
- name: Adding firewall rule
firewalld:
port: 80/tcp
state: enabled
permanent: yes
notify: Reload firewall
handlers:
- name: Reload firewall
systemd:
name: firewalld
state: reloaded
…
Page 24 of 54
ANSIBLE VARIABLES WITH YAML
Variable in general is the name given to a set of data, whenever in a script or in

general admin tasks we need to repeatedly recall a set of data, we create a
variable with some name storing some data inside it. Whenever we need to call
the data we’ll use the variable name.
• YAML stands for “YAML Ain’t Markup Language”
• Ansible playbooks are written in YAML. YAML supports dictionary, list and
complex variables using dictionaries and lists both.
• Valid variable names should start with letter and can contain only
underscore
• Dictionary maps keys to values
• In general, most things in a YAML file are a form of key-value pair where
the key represents the pair’s name and the value represents the data
linked to that name.
A simple dictionary variable example:
vars:
key: value
The defined variables in playbooks can be called using Jinja2 templating system.
For example, we can reference the variable defined above in playbook with
jinja2 expression “{{ key }}”.
We can display the variable using debug module in simple playbook to
understand this.
Page 25 of 54
Lab Excersice:
Run #ansible-doc debug to let more about debug module to use it in a playbook.
1. Creating a simple playbook to print a message

[root@ansible-c ~]# vim vars.yml
---
- hosts: mhost1
vars:
sub: ansible
tasks:
- name: Printing the value of a variable
debug:
msg: The value of the key sub is " {{ sub }}"
...
Let’s check the playbook for any syntax errors
[root@ansible-c ~]# ansible-playbook vars.yml --syntax-check
playbook: vars.yml
Note: Observe there are no errors reported in the playbook and it is good to execute
Let’s run the playbook and see the results

[root@ansible-c ~]# ansible-playbook vars.yml
PLAY [mhost1] ************************************************
TASK [Gathering Facts] ****************************************

ok: [mhost1]
TASK [Printing the value of a variable] *******************************

ok: [mhost1] => {
"msg": "The value of the key sub is \" ansible\""
}
PLAY RECAP *****************************************************

mhost1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0
ignored=0
Page 26 of 54
2. Disabling the gathering of facts for faster execution of a playbook
Facts collection will take longer time and then execution of playbook will
happen.
Run a playbook with time command and check execution time
[root@ansible-c ~]# time ansible-playbook vars.yml
real 0m3.743s
user 0m1.584s
sys 0m0.178s
[root@ansible-c ~]# vim vars.yml

---
- hosts: mhost1
gather_facts: no
vars:
sub: ansible
tasks:
debug:
msg: The value of the key sub is " {{ sub }}"
...
[root@ansible-c ~]# time ansible-playbook vars.yml
real 0m1.106s
user 0m0.954s
sys 0m0.053s
Observe the time difference between both executions
Named Dictionary variable with multiple key value pair:
vars:
dict:
key1: value1
key2: value2
Jinja2 expressions to refer variable in playbook.

“{{ dict }}” - To display dictionary variable.
“{{ dict.key1 }}” - To display value mapped to key1 using dot notation.
“{{ dict[‘key1’] }}” - To display value mapped to key1 using bracket notation.
Page 27 of 54
1. Creating a playbook with using a dict with multiple key value pair
[root@ansible-c ~]# vim vars2.yml
---
- hosts: mhost1
gather_facts: no
vars:
dict:
key1: value1
key2: value2
tasks:
debug:
msg: Example of dictionary " {{ dict }}"
...
Perform syntax-check and execute the playbook

[root@ansible-c ~]# ansible-playbook vars2.yml --syntax-check
playbook: vars2.yml
[root@ansible-c ~]#
[root@ansible-c ~]# ansible-playbook vars2.yml
PLAY [mhost1]
************************************************************************
TASK [Printing the value of a variable]

*****************************************************
ok: [mhost1] => {
"msg": "Example of dictionary \" {'key1': 'value1', 'key2': 'value2'}\""
}
PLAY RECAP
*************************************************************************
*
mhost1 : ok=1 changed=0 unreachable=0 failed=0 skipped=0
rescued=0 ignored=0
Make the change in playbook msg option “{{ dict.key1 }}” or “{{ dict[‘key1’] }}” to display
value mapped to key1 and re-run the playbook to observe the changes in output
Page 28 of 54
Named List variable example:
vars:
list:
- item1
- item2
- item3
Jinja2 expressions to refer a variable in playbook.

“{{ list }}” - To display list variable.
“{{ list[0] }}” - To display first item in the list.
“{{ list[1] }}” - To display second item in the list.
Lab Exercise:
Create a playbook to use YAML lists as variable
---
- hosts: mhost1
gather_facts: no
vars:
list:
- item1
- item2
- item3
tasks:
- name: Printing the values of the variable
debug:
msg: Example of list " {{ list }}"
...
playbook: vars3.yml
PLAY [mhost1] **********************************************************************
TASK [Printing the values of the variable]*************************************************
ok: [mhost1] => {
"msg": "Example of list \" ['item1', 'item2', 'item3']\""
}
PLAY RECAP *************************************************************************

mhost1 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Modify the playbook msg option to “{{ list[X] }}”, where x can be 0,1,2 to access item1,2 or
3.
Page 29 of 54
Dictionary+list mixed variable example:
In this example we are going to learn using both dictionary and list variables
together.
Ex:
vars:
users:
- name: Steve
age: 35
- name: tina
age: 30
“{{ users }}” - To display list variable.
“{{ users[0] }}” - To display first item in the list.
“{{ users[0].name }}” - To display name in first list item.
“{{ users[0][‘name’] }}” - To display name in first list item.
Lab Exercise:
Create a playbook to use both dictionary and list as variables
---
- hosts: mhost1
gather_facts: no
vars:
users:
- name: Steve
age: 35
- name: Tina
age: 30
tasks:
debug:
msg: Example of dic+list " {{ users }}"
...

playbook: vars4.yml
Page 30 of 54
PLAY [mhost1]
***********************************************************************
TASK [Printing the values of the variable]

*************************************************
ok: [mhost1] => {
"msg": "Example of dic+list \" [{'name': 'Steve', 'age': 35}, {'name': 'Tina', 'age':
30}]\""
}
PLAY RECAP
*************************************************************************
rescued=0 ignored=0
See the syntax and modify playbook accordingly
Defining a variable in a different file and accessing it in a playbook
Create a file with .yml or .yaml extension and store vars in it.
[root@ansible-c ~]# vim varfile.yml
---
users:
- name: Steve
age: 35
- name: Tina
age: 30
...
Create a playbook to access variable from other file & execute it

---
- hosts: mhost1
gather_facts: no
vars_files:
- varfile.yml
tasks:
debug:
msg: Example of dic+list " {{ users }}"
...
Page 31 of 54
playbook: vars5.yml
PLAY [mhost1]
***********************************************************************

*************************************************
ok: [mhost1] => {
"msg": "Example of dic+list \" [{'name': 'Steve', 'age': 35}, {'name': 'Tina', 'age':
30}]\""
}
PLAY RECAP
*********************************************************************
rescued=0 ignored=0
Repeat the different vars we went through in previous example
Page 32 of 54
Prompting value for the variable while executing play book
Syntax:
vars_prompt:
- name: var
prompt: Enter variable
private: no
“{{ var }}” - To display variable.
Create a playbook with above mentioned syntax

---
- hosts: mhost1
gather_facts: no
vars_prompt:
- name: var
prompt: Enter Some Value
tasks:
debug:
msg: Example of prompt "{{ var }}"
...
playbook: vars6.yml
Enter Some Value:
PLAY [mhost1]
***************************************************************

******************************************
ok: [mhost1] => {
"msg": "Example of prompt \"abc\""
}
PLAY RECAP
*****************************************************************
rescued=0 ignored=0
Page 33 of 54
Let’s add an option private: no and see the change
---
- hosts: mhost1
gather_facts: no
vars_prompt:
- name: var
prompt: Enter Some Value
private: no
tasks:
debug:
msg: Example of prompt "{{ var }}"
...
playbook: vars6.yml
Enter Some Value: abcd
PLAY [mhost1]
**********************************************************************

************************************************
ok: [mhost1] => {
"msg": "Example of prompt \"abcd\""
}
PLAY RECAP
*************************************************************************
*********
rescued=0 ignored=0
Observe this time the value is displayed on the screen
Page 34 of 54
Let’s create a playbook to create a user using prompt option
[root@ansible-c ~]# vim user.yml
---
- hosts: mhost1
gather_facts: no
vars_prompt:
- name: username
prompt: Enter Username
private: no
tasks:
- name: Creating a user on mhost1
user:
name: "{{ username }}"
state: present # to delete a user state: absent, remove: yes & force: yes
should be used
...
Execute the playbook and check the result;
#ansible-playbook user.yml
Page 35 of 54
ANSIBLE FACTS
Ansible collects pretty much all the information about the remote hosts as it
runs a playbook. The task of collecting this remote system information is called
as Gathering Facts by ansible and the details collected are generally known as
facts or variables
This information can be obtained manually using Ansible ad-hoc command and
a specialized module named setup. In fact, ansible playbooks call this setup
module by default to perform Gathering Facts task
Ansible facts are data/information related to your remote systems like operating
systems, IP addresses assigned on different interfaces, hostname, disks,
filesystems and more.
You can access this data in the ansible_facts variable. By default, you can also
access some Ansible facts as top-level variables with the ansible_ prefix.
We can display ansible facts using setup module using ansible ad-hoc command:
#ansible managed_host -m setup
Note: As normal user all the facts cannot be collected, so facts should be collected using
root user to fetch all important facts.
To check facts about specific hosts

[root@ansible-c ~]# ansible mhost1 -m setup
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.10.10",
"192.168.122.1"
],
"ansible_all_ipv6_addresses": [
"fe80::4da1:36ea:cc45:2b38",
"fe80::5dc9:fd0:9ce9:d81c"
],
"ansible_apparmor": {
"status": "disabled"
},
"ansible_architecture": "x86_64",
"ansible_bios_date": "12/01/2006",
"ansible_bios_version": "VirtualBox",
"ansible_cmdline": {
"BOOT_IMAGE": "(hd0,msdos1)/vmlinuz-4.18.0-240.el8.x86_64",
"crashkernel": "auto",
Page 36 of 54
"quiet": true,
"rd.lvm.lv": "rhel/swap",
"resume": "/dev/mapper/rhel-swap",
"rhgb": true,
"ro": true,
"root": "/dev/mapper/rhel-root"
},
Note: ansible facts will be displayed in the form of dictionary and list, key value pair
variables
Lab Exercise:
1. Create a playbook to display all facts of a specific host
[root@ansible-c ~]#vim facts.yml
---
- hosts: mhost1
gather_facts: True
tasks:
- name: Displaying the facts
debug:
msg: "{{ ansible_facts }}"
...
[root@ansible-c ~]# ansible-playbook facts.yml
Run the playbook and you’ll see all the facts of mhost1 will be displayed
2. Create or make changes in previous playbook to view only a key in dictionary

all_ipv4_addresses.
---
- hosts: mhost1
gather_facts: True
tasks:
debug:
msg: "{{ ansible_facts.all_ipv4_addresses }}"
...
[root@ansible-c ~]# ansible-playbook facts.yml
PLAY [mhost1] *****************************************************************
TASK [Gathering Facts] ***********************************************************
ok: [mhost1]
TASK [Displaying the facts] ********************************************************
ok: [mhost1] => {
"msg": [
"192.168.10.10",
"192.168.122.1"
]
}
PLAY RECAP *********************************************************************
mhost1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Page 37 of 54
3. Create a playbook to view only first IP in the list from previous example
---
- hosts: mhost1
gather_facts: True
tasks:
debug:
msg: "{{ ansible_facts.all_ipv4_addresses[0] }}"
...
Note: To view all the ansible variables that can be used in playbook, use
#ansible mhost1 –m setup|grep ansible_
4. Create a playbook to check hostname using ansible_nodename

---
- hosts: mhost1
gather_facts: True
tasks:
debug:
msg: "{{ ansible_nodename }}"
...
Note: the same can be called as following
msg: “{{ ansible_facts.nodename }}”
or
msg: “{{ ansible_facts[nodename] }}”
Page 38 of 54
5. Create a playbook to check the details about the disks connected to mhost1
---
- hosts: mhost1
gather_facts: True
tasks:
debug:
msg: "{{ ansible_devices }}"
...
To view info only about sda disk change msg to

msg: "{{ ansible_devices.sda }}"
To view info about all the partitions in sda disk

msg: "{{ ansible_devices.sda.partitions }}"
To view info only about sda1 partition in sda disk

msg: "{{ ansible_devices.sda.partitions.sda1 }}"
To view the size of sda1 partition in sda disk

msg: "{{ ansible_devices.sda.partitions.sda1.size }}"
Same can be viewed in bracket notations

msg: "{{ ansible_devices['sda']['partitions']['sda1']['size'] }}"
or
msg: "{{ ansible_facts['devices']['sda']['partitions']['sda1']['size'] }}"
Filtering Ansible facts
To filter Ansible Facts, We can use gather_subset and filter parameters. We

can use them using -a option with setup module.
If the command is being run by a normal user, use --become option to get
privilege of root user.
Examples of using ‘gather_subset’ directive

To gather Network related facts:
ansible target_host(s) -m setup -a “gather_subset=network” --become
To gather hardware related facts:

ansible target_host(s) -m setup -a “gather_subset=hardware” --become
Page 39 of 54
To gather Virtual environment related facts:
ansible target_host(s) -m setup -a ‘gather_subset=virtual,!min’ --become
Default is all (All facts).
To gather facts except network facts:

ansible target_host(s) -m setup -a ‘gather_subset=!network’ --become
Examples of using ‘filter’ directive

ansible target_host(s) -m setup -a “filter=ansible_devices” --become
ansible target_host(s) -m setup -a “filter=ansible_lvm” --become
ansible target_host(s) -m setup -a “filter=ansible_*name” --become
ansible target host(s) -m setup -a "filter=ansible_*family" –become
Note 1: When using ! Symbol to filter facts, always use single quotes (‘single
quotes’). With double quotation marks it will not work.
Note 2: Minimum default facts are always gathered with each subset of facts
until we exclude them (!min)
Ansible Documentation
Ansible documentation is available on website https://docs.ansible.com/
Using ansible-doc command line tool, we can conveniently check information about
modules, various directives that can be used and with some playbook examples.
For example, to display all information about copy module, execute below command.
#ansible-doc copy
In similar way you can check information about other modules, but you must know exact
name of module.
To display all modules, execute #ansible-doc –l
Page 40 of 54
CONFIGURING ANSIBLE MANAGED NODES
In this chapter we are going to learn configuring managed hosts to be used with
a normal user called ansible. We will setup ansible user to get privileges of root
using sudo powers on all managed hosts.
Let’s first learn some interesting options in ansible command line to edit a file
on managed hosts.
Task. Configure ‘mhost4’ to listen on non-default SSH port 222.
• ansible user should be able to connect to mhost4 on new SSH port as well as
standard SSH port.
• Update the inventory file to tell ansible to use port 222 to connect to mhost4
• Setup inventory file for ansible user as shown below
Task1: Configure ansible configuration file with following default values.

• Ansible config file must be created in subdirectory tasks in ansible user’s
home directory.
• Roles directory path should be /home/ansible/tasks/roles, in addition default
path should also be considered.
• Inventory file with name mnodes should exist on path /home/ansible/tasks.
• Remote port 22 should be used for SSH connection.
• User ansible should be used to connect to remote hosts.
• Privilege escalation must be disabled.
• Default module must be command module.
• Ansible should start 5 forks.
Execute commands as ansible user:
mkdir /home/ansible/tasks
vim /home/ansible/tasks/ansible.cfg
[defaults]
inventory = /home/ansible/tasks/mnodes
roles_path = /etc/ansible/roles:/home/ansible/tasks/roles
remote_port = 22
remote_user = ansible
module_name = command
forks = 5
[privilege_escalation]
become = False
Page 41 of 54
Task2: Create inventory file ‘mnodes’ on the inventory path defined in ansible
config file with below requirements.
• mhost1 must be part of host group prod1.
• mhost2 must be part of host group prod2.
• mhost3 and mhost4 must be part of webservers group.
• prod1 and prod2 must be part of prod group.
• group linux should include all managed hosts.
• Make sure all hostnames used can be resolved to IP Address.
vim /home/ansible/tasks/mnodes
[prod1]
mhost1
[prod2]
mhost2
[webservers]
mhost[3:4]
[prod:children]
prod1
prod2
[linux:children]
prod
webservers
linux
webservers prod
mhost3 mhost4 prod1 prod2
mhost1 mhost2
Test inventory using following commands as ansible user

$ ansible all --list-hosts
$ ansible prod1 --list-hosts
$ ansible prod2 --list-hosts
$ ansible webservers --list-hosts
$ ansible prod --list-hosts
$ ansible linux --list-hosts
Page 42 of 54
Login as root and perform ping test (note: go to /home/ansible/tasks folder
and run commands)
#ansible all –m ping –k
#ansible all –m ping –k –u root
Tasks to manage hosts we need to authorize ansible user to connect all hosts
and also have sudo privileges.
• Create and distribute SSH keys to managed nodes
• Configure privilege escalation on managed nodes
• Validate a working configuration using ad hoc Ansible commands
Task1: Configure ‘mhost4’ to listen on non-default SSH port 222.

• ansible should be able to connect to mhost4 on new SSH port as well as
standard SSH port.
• Update the inventory file to tell ansible to use port 222 to connect to mhost4.
Execute commands as root user :
ansible mhost4 -m lineinfile -a "path=/etc/ssh/sshd_config regexp='^#Port' line=‘Port
22'" -u root
ansible mhost4 -m lineinfile -a "path=/etc/ssh/sshd_config insertafter='^Port' line='Port

222'" -u root
ansible mhost4 -m seport -a "ports=222 proto=tcp setype=ssh_port_t state=present" -u

root
ansible mhost4 -m firewalld -a "port=222/tcp state=enabled permanent=yes" -u root
ansible mhost4 -m service -a "name=firewalld state=reloaded" -u root
ansible mhost4 -m service -a "name=sshd state=restarted" -u root
Modify inventory file:

vim /home/ansible/tasks/mnodes
----
mhost4 ansible_port=222
---
:wq
Note: if required we need to install policycoreutils* package to use seport module. Install same using
#dnf install policycoreutils*
Page 43 of 54
Task2: Generate SSH Keys for user ‘ansible’ on Ansible control node.
• Use ansible ad-hoc command to create user ansible on all managed nodes
and copy the public key for ansible user to managed nodes.
• Execute this task as root user.
• Use redhat as password for this user.
Execute command as ansible user:
ssh-keygen
Execute commands as root user:

ansible all -m user -a "name=ansible state=present password='{{ 'redhat' |
password_hash('sha256') }}'" -u root
ansible all -m authorized_key -a "user='ansible' state='present' key='{{ lookup('file',
'/home/ansible/.ssh/id_rsa.pub') }}' path='/home/ansible/.ssh/authorized_keys'" -u root
Note: observe in above task to assign password in encrypted form, we are using sha256 algorithm,
you can also user sha512 algorithm if required for stronger encryption.
Task3: Using ansible ad-hoc commands, Configure privilege escalation (sudo)

for user ‘ansible’ on all Managed hosts.
• User ansible should be able to use sudo without providing password.
Execute this command as root user:
ansible all -m lineinfile -a "path=/etc/sudoers state=present line='ansible ALL=(ALL)
NOPASSWD: ALL' backup=yes validate='/usr/sbin/visudo -cf %s'" -u root
Task4: Use ansible ad-hoc command to configure MOTD on all managed hosts
as “Welcome to Ansible managed host”
Execute this command as ansible user:
ansible all -m copy -a “content=‘Welcome to Ansible managed host’ dest=/etc/motd’” --
become
Note: --become will ansible user sudo privilege
Task5: Use ansible adhoc-commands to configure all managed nodes to use

‘BaseOS’ and ‘AppStream’ repos with following information
For BaseOS Repository:
• name=BaseOS
• description= DNF BaseOS Repo
• baseurl=ftp://192.168.10.5/pub/rhel8/BaseOS
• gpgcheck=1
• gpgkey=/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
• enabled=1
Page 44 of 54
For AppStream Repository:
• name=AppStream
• description= DNF AppStream Repo
• baseurl= ftp://192.168.10.5/pub/rhel8/AppStream
• gpgcheck=1
• gpgkey=/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
• enabled=1
Now, execute following ad-hoc command as ansible user

ansible all -m yum_repository -a "name=BaseOS description='DNF BaseOS Repo'
baseurl=ftp://192.168.10.5/pub/rhel8/BaseOS gpgcheck=1 gpgkey=file:///etc/pki/rpm-
gpg/RPM-GPG-KEY-redhat-release enabled=1 file=BaseOS" –become
ansible all -m yum_repository -a "name=AppStream description='DNF AppStream Repo'

baseurl=ftp://192.168.10.5/pub/rhel8/AppStream gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release enabled=1 file=AppStream"
–become
Check on all nodes if it is done
To Disable GPG Key Check
ansible all -m yum_repository -a "name=BaseOS description='DNF BaseOS Repo'
baseurl=ftp://192.168.10.5/pub/rhel8/BaseOS gpgcheck=0 enabled=1 file=BaseOS" --
become
ansible all -m yum_repository -a "name=AppStream description='DNF AppStream Repo'

baseurl=ftp://192.168.10.5/pub/rhel8 gpgcheck=0 enabled=1 file=AppStream" --become
Page 45 of 54
USEFUL SYSTEM ADMIN TASKS USING ANSIBLE PLAYBOOK
Perform all the tasks as ansible user.

Task 1: Create a playbook named ‘services.yml’ under tasks directory to
perform below tasks.
• Install httpd service on webservers nodes.
• Install mariadb service on prod nodes.
• Make sure services are started and enabled.
[ansible@ansible-c ~]$ vim services.yml
---
-
hosts: webservers
become: True
tasks:
- name: Installing httpd service
yum:
name: httpd
state: present
- name: Starting and enabling httpd service
service:
name: httpd
state: started
enabled: yes
- hosts: prod
become: True
tasks:
- name: Installing mariadb service
yum:
name:
- mariadb-server
- mariadb-common
state: present
- name: Starting and enabling mariadb service
service:
name: mariadb
state: started
enabled: yes
...
Execute services.yml playbook
[ansible@ansible-c ~]$ ansible-playbook services.yml --syntax-check
[ansible@ansible-c ~]$ ansible-playbook services.yml
Page 46 of 54
Task 2: Create a playbook ‘user.yml’ to create user on all managed hosts with
below information.
• Use username as mark.
• Set redhat as password.
• Password must be encrypted with Sha512.
[ansible@ansible-c ~]$ vim users.yml
---
-
hosts: all
become: True
gather_facts: False
tasks:
- name: Creating user
user:
name: mark
password: "{{ 'redhat' | password_hash('sha512') }}"
state: present
...
Execute the playbook and see the result
[ansible@ansible-c ~]$ ansible-playbook users.yml --syntax-check
[ansible@ansible-c ~]$ ansible-playbook users.yml
Task 3: Create a playbook named ‘file.yml’ to create file ‘/root/mark_file’ on

all managed nodes.
• User and group ownership must be set to mark.
• Configure full permissions for user, read/write at group level and no
permissions for others on this file.
• Set GiD bit.
[ansible@ansible-c ~]$ vim file.yml
---
-
hosts: all
become: True
gather_facts: False
tasks:
- name: Creating file, setting permissions and gid bit
file:
path: /root/mark_file
owner: mark
group: mark
mode: '2760'
state: touch
...
Page 47 of 54
[ansible@ansible-c ~]$ ansible-playbook file.yml --syntax-check
[ansible@ansible-c ~]$ ansible-playbook file.yml
Task4: Using ansible ad-hoc commands, create file ‘/root/file1.txt’ on all

managed nodes.
• File should contain text “This text file is created using Ansible.”
• Remove all permissions for others on this file
Execute Commands as ansible user:
ansible all -m file -a "path=/root/file1.txt mode=o-rwx state=touch" --become
ansible all -m copy -a "content='This text file is created using Ansible' dest=/root/file1.txt"
--become
Task 5: Using ansible playbook ‘archive.yml’, archive contents of ‘/etc’

directory into ‘etc.tar’ file under ‘/root’ directory.
• Playbook should be executed on webservers nodes.
• Compress the archive using bzip2.
[ansible@ansible-c tasks]$ vim archive.yml
---
-
hosts: webservers
become: Yes
gather_facts: False
tasks:
- name: Archiving /etc directory
archive:
path: /etc
dest: /root/etc.tar.bz2
format: bz2
...
[ansible@ansible-c tasks]$ ansible-playbook archive.yml --syntax-check
[ansible@ansible-c tasks]$ ansible-playbook archive.yml
Page 48 of 54
Task 6: Create a playbook ‘cronjobs.yml’ to schedule below tasks.
• Restart rsyslog service at 23h00 and 06h00 on prod nodes every day.
• Restart rsyslog service at 02h00 on webservers nodes on every Monday.
[ansible@ansible-c tasks]$ vim cron.yml
---
-
hosts: prod
become: Yes
gather_facts: False
tasks:
- name: Scheduling restart of rsyslog on prod nodes
cron:
name: "Scheduling cron job on prod nodes"
hour: "23,6"
minute: "0"
job: /usr/bin/systemctl restart rsyslog
-
hosts: webservers
become: True
gather_facts: False
tasks:
- name: Scheduling restart of rsyslog on webservers nodes
cron:
name: "Scheduling cron job on webservers nodes"
hour: "2"
minute: "0"
weekday: "1"
job: /usr/bin/systemctl restart rsyslog
...
Page 49 of 54
Task 7: Create a playbook ‘update.yml’ to update all packages on prod1 node.
[ansible@ansible-c tasks]$ vim update.yml
---
-
hosts: prod1
become: True
gather_facts: False
tasks:
- name: Update all packages on prod1 node
yum:
name: ‘*’
state: latest
...
Task 8: Create a playbook ‘firewall.yml’ to configure firewall on all

‘webservers’ nodes.
• Inbound traffic for http service should be accepted.
• Setting should be persistent and reload firewall to enforce this
[ansible@ansible-c tasks]$ vim firewall.yml
---
-
hosts: webservers
become: Yes
gather_facts: False
tasks:
- name: Configuring firewall on webservers nodes
firewalld:
service: http
state: enabled
permanent: yes
notify: Reload firewall
handlers:
- name: Reload firewall
service:
name: firewalld
state: reloaded
...
Page 50 of 54
Task 9: Create a playbook ‘group.yml’ to perform below tasks.
• Create directory path /web/html on webservers nodes.
• Create group testing on webservers nodes and group networks on prod
nodes.
[ansible@ansible-c tasks]$ vim group.yml
---
-
hosts: webservers
become: Yes
gather_facts: False
tasks:
- name: Creating directory
file:
path: /web/html
state: directory
- name: Creating group

group:
name: testing
state: present
-
hosts: prod
become: True
gather_facts: False
tasks:
- name: Creating group
group:
name: networks
state: present
...
Page 51 of 54
Task 10. Create a playbook ‘context.yml’ to set selinux context type
‘httpd_sys_content_t’ on ‘/web/html’ directory on all webservers nodes.
• Setting should be persistent, and context should be restored.
• Verify the context type using ansible ad-hoc command.
[ansible@ansible-c tasks]$ vim context.yml
---
-
hosts: webservers
become: Yes
gather_facts: False
tasks:
- name: Setting Context type
sefcontext:
target: '/web/html(/.*)?'
setype: httpd_sys_content_t
state: present
- name: Restoring context type
command: restorecon -irv /web/html
Page 52 of 54
Task 11: Create a playbook ‘parted.yml’ to create extended partition on all
managed nodes.
• Use all remaining space for extended partition (container for logical
partitions).
• Create one logical partition of size 200 MiB on all managed nodes.
[ansible@ansible-c tasks]$ vim parted.yml

---
-
hosts: all
become: Yes
gather_facts: True
tasks:
- name: Read device information
parted: device=/dev/sda unit=MiB
register: sda_info
- name: Creating Extended partition
parted:
device: /dev/sda
number: "4"
part_type: extended
part_start: "{{ sda_info.partitions[2].end + 1 }}MiB"
state: present
- name: Creating logical partition
parted:
device: /dev/sda
number: "5"
part_type: logical
part_start: "{{ sda_info.partitions[2].end + 2 }}MiB"
part_end: "{{ sda_info.partitions[2].end + 202 }}MiB"
state: present
...
Page 53 of 54
Task 12: Create a playbook ‘mount.yml’ to format the device ‘/dev/sda5’
with ‘ext4’ filesystem.
• Mount the file system on /mnt/partition directory.
• Mount should be persistent
[ansible@ansible-c tasks]$ vim mount.yml
---
-
hosts: all
become: Yes
gather_facts: False
tasks:
- name: Creating filesystem
filesystem:
dev: /dev/sda5
fstype: ext4
- name: Mounting filesystem
mount:
src: /dev/sda5
path: /mnt/partition
fstype: ext4
state: mounted
...
Page 54 of 54

Linux 7&8

Uploaded by

Copyright:

Available Formats

Linux 7&8

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Linux 7&8

Uploaded by

Copyright:

Available Formats

What is the book about?

What is the book about?

What technologies does the author provide training on?

What technologies does the author provide training on?

LINUX 7&8

WITH ANSIBLE AUTOMATION

VirtualPath Techno Solutions

VirtualPath Techno Solutions:

Phone/WhatsApp :+91 799 309 609292

About the Author:

I’m Highly Indebted To:

Words to the Students

Go through our website and blog

ORACLE DBA, RAC IBM AIX, POWER

SHELL SCRIPTING And Many More...

BONUS SERVERS & TOPICS FOR SELF-LEARNING

ANSIBLE AUTOMATION......................................... 274

What is Operating System?

Types of Operating System:

Single User - Single Tasking Operating System

Single User - Multi tasking operating System

Multi User - Multi Tasking Operating System

In the beginning, there was AT&T.

• GNU project started in 1984

b) By 1990, nearly all required user space application created.

• Free Software Foundation

GPL – GNU (General Public License)

• primary license for open source software

• Fresh implementation of UNIX APIs

/root it is home directory for root user (super user)

/home it is home directory for other users

/boot it contains bootable files for Linux

/etc it contains all configuration files

/usr by default soft wares are installed in /usr directory

/opt It is optional directory for /usr

/bin it contains commands used by all users

/sbin it contains commands used by only Super User (root)

/dev it contains device files

/var it contains variable data like mails, log files

/tmp contains the temporary files for small period of time

/mnt it is default mount point for any partition

/media it contains all of removable media like CD-ROM, pen drive

/lib it contains library files which are used by OS

Creating, Removing, Copying, Moving files & Directories

To display the content of the file

To append the data in the already existing file

Creating multiple files at same time using touch command

Making multiple directories inside a directory

India AUS USA

Hyd Bang Sydney Perth Tampa Nyc

Copying files into directory

Moving files from one location to other (cut and Paste)

Moving a Directory from one location to other

Removing an Empty directory

In the command mode the cursor’s can be used as

Extended Mode: (Colon Mode)

Esc+:w To Save the changes

To open multiple files in vim editor

Listing files and directories:

There are two types of Links:-