Sunday, 5 July 2020

How do you make/grant complete access on files?


251. How do you make/grant complete access (rwx) on files created for a user and deny any level of access to others including group?

Define the umask value for the required user to achieve this. This can be done by editing the .bash_profile file.

For example, if we need to define this for a user “testuser” then we need to edit this file “/home/testuser/.bash_profile” and define umask as given below (assuming that the default home directory location is not changed):
umask 0077
Save and exit the file.
Next time this user logs in, files/directories would get exclusive permissions only for this user as masked by umask parameter.
For root user the umask is defined in “/etc/init.d/functions” file. Otherwise, in /etc/profile (login shell) or /etc/bashrc (non-login shell) file.

252. What does the umask value of 0022 indicate for a root user?

Before understanding this, one must understand the numerical values being used to represent permission bits in Unix environment. It is as shown below:
r – “read” permission – numerical equivalent value “4”
w – “write” permission – numerical equivalent value “2”
x – “execute” permission – numerical equivalent value “1”
s – “special” permission bit – numerical equivalent “4” for SUID (SetUserID), “2” for SGID (SetGroupID), “1” for Sticky-bit.
u – “user”
g – “group”
o – “others”

Set/Unset Permissions: Using chmod command. Say for example you wish to set only “read & write (rw)” permission for owner, no permissions for group and others then this could be done like below:
$ chmod 600 <filename> OR $ chmod u=rw,go= <filename>

Now, let's check what the 0022 umask value indicates:
0 – Special permission bits, not masked.
0 – Masks nothing; all permission bits are available for “Owner”.
2 – Masks 2 (write) for “Group” (for files it is “x4x”, meaning only the read bit is set; likewise for directories it is “x5x”, meaning both read & execute bits are set).
2 – Masks 2 (write) for “Others” (as explained above).
That said, when a root user creates a file/directory this umask value is used to set the effective permissions. For a file it would be (666-022=644), rw-,r--,r-- (read&write, read, read) respectively for user, group and others (ugo). However, when a directory is created it would be (777-022=755), rwx,r-x,r-x for ugo. In the same way, the default umask value for other users is 0002.
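The masking described in questions 251 and 252, as an added example that is not part of the original post: the umask bits are cleared from the requested mode (mode AND NOT umask), which agrees with the subtraction shorthand for 0022 and 0077 but not for a mask such as 0033. The function names are hypothetical, and `stat -c` assumes GNU coreutils, as shipped on RHEL.

```shell
#!/bin/sh
# Added example: how a umask turns the base modes (666 for files, 777 for
# directories) into effective permissions. Helper names are hypothetical.

# Arithmetic view: effective = base AND NOT mask (both arguments are octal).
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Empirical view: create a file and a directory under the given umask in a
# throwaway directory and print their octal modes as "file dir".
perms_under_umask() {
    (   # subshell, so the umask change does not leak into the caller
        workdir=$(mktemp -d) || exit 1
        umask "$1"
        : > "$workdir/file"        # open() requests mode 666
        mkdir "$workdir/dir"       # mkdir() requests mode 777
        printf '%s %s\n' \
            "$(stat -c %a "$workdir/file")" \
            "$(stat -c %a "$workdir/dir")"
        rm -rf "$workdir"
    )
}

for mask in 0077 0022 0002; do
    echo "umask $mask: file/dir = $(perms_under_umask "$mask")"
done

# Subtraction would give 666-033=633; the real result keeps owner rw intact
# and only clears bits that were set in the base mode.
echo "umask 0033 on a file: $(effective_mode 666 0033)"
```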

253. How do you find out all the packages installed on a RHEL system(server)?

# rpm -qa
# yum list installed
# repoquery -a --installed
# yumdb search from_repo base

# yum install yum-utils
This will create the /var/log/yum.log file with the date and time of all packages installed.

254. What are the different ways to verify that a package got installed successfully via yum?

– Immediately after running yum command, check exit status, if it shows “0” (numeral) then command executed successfully.
# echo $?

– Run rpm -qa and test.
# rpm -qa | grep <pkg_name>

– Verify with rpm command:
# rpm -V <pkg_name>

– Check the yum log to see the successful log entry about the same package.
# grep <pkg_name> /var/log/yum.log

Other useful commands to verify that a package got installed successfully:
# yum list installed | grep <pkg_name>
# yum info <pkg_name>
# yum info <pkg_name> | grep Repo | awk '{ print $3 }'
# yum list installed <pkg_name> >/dev/null ; echo $?

255. How to view the installed date of a package?


# rpm -q <pkg_name> --last
# rpm -q --last <pkg_name>
# rpm -qi <pkg_name> | grep "Install Date"

Check in /var/log/yum.log file (provided the package is installed by yum-utils)
# grep <pkg_name> /var/log/yum.log

256. If for some reasons, a binary file gets corrupted or missing from the system, then how could this be recovered with minimal downtime?

1. Try to copy the missing binary (executable) file from a similar working system using scp command.
2. Try to extract this file from respective package and move it to the system.

For example, if the binary command file /sbin/ifconfig is missing or corrupted, the command cannot be run. So, we’d need to extract it from the package and install it.

Steps
– Identify which package this command belongs to.

– On a working system, run the command ‘rpm -qf /sbin/ifconfig’. This would tell which package has installed this executable file:
# rpm -qf /sbin/ifconfig
net-tools-1.60-110.el6_2.x86_64

– Mount an iso which holds this package and then run “rpm2cpio” command with “cpio” to extract required file.

– Check if the required file is available in the package before extracting it.
# rpm2cpio /media/Packages/net-tools-1.60-110.el6_2.x86_64.rpm | cpio --extract --list --verbose "*ifconfig"
-rwxr-xr-x 1 root root 69440 Apr 26 2012 ./sbin/ifconfig
1542 blocks

– Now, we know that this binary is available in this package, so we’d need to extract this file. Create a directory to extract into.
# rpm2cpio /media/Packages/net-tools-1.60-110.el6_2.x86_64.rpm | cpio --extract --make-directories --verbose "*ifconfig"
./sbin/ifconfig
1542 blocks

– The binary would be found under “sbin” directory within current directory.
# tree
.
└── sbin
    └── ifconfig

1 directory, 1 file

– Later, move this binary file to /sbin folder and make sure proper permissions are set as required.

257. How to run file system check on a logical volume in rescue mode?

– Boot into rescue mode (“linux rescue nomount”)
– Don’t mount any file systems, so “Skip” mounting.
– First make the logical volumes available by running these commands:
– lvm pvscan
– lvm vgscan
– lvm lvscan
– lvm lvchange -ay /dev/vgname/lvname
– Next, run the file system check on the respective logical volume.
– # e2fsck -fy /dev/vgname/lvname

258.  How to verify if a filesystem state is marked as clean?

# dumpe2fs -h /dev/sda1 | grep -i state
dumpe2fs 1.41.12 (17-May-2010)
Filesystem state: clean

# tune2fs -l /dev/sda1 | grep -i state
Filesystem state: clean

259.  Different fields in /etc/fstab.

DeviceName MountPoint FilesystemType MountOptions DumpFrequency FsckCheckOrder

260. How do you skip the initial fsck(file system check) on a file system while booting up?

Edit /etc/fstab and make the last column of the respective file system as 0 (number). This would skip the file system check process.

261. How to list all the files with SUID (Set User ID) bit set under the top level root directory and ignore any errors/warnings in the process, and list the output in long list format?

# find / -type f -perm -4000 -exec ls -l {} + 2>/dev/null

262. How to list all the files/folders with the SUID, SGID or Sticky bit set under the top level root directory and ignore any errors/warnings in the process, and list the output in long list format?

# find / -perm /7000 -exec ls -ld {} + 2>/dev/null
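One way to put the listing from questions 261 and 262 to use is to compare it against a reviewed baseline, so that a newly appearing SUID/SGID file stands out. This is an added example, not part of the original post; the function names and the demo tree are constructed, and `stat -c` and `-perm /6000` assume GNU coreutils and findutils.

```shell
#!/bin/sh
# Added example: report SUID/SGID files that are not in a reviewed baseline.
# Function names are hypothetical.

# Print "octal-mode path" for each regular file under $1 with SUID or SGID set.
# -xdev stays on one filesystem; -exec ... {} + copes with spaces in names.
list_special_files() {
    find "$1" -xdev -type f -perm /6000 -exec stat -c '%a %n' {} + 2>/dev/null |
        sort -k2
}

# Print entries found under $1 that are missing from baseline file $2.
# A changed mode on a known path also shows up, because the mode is in the line.
new_since_baseline() {
    current=$(mktemp) || return 1
    list_special_files "$1" > "$current"
    # -F fixed strings, -x whole line, -v invert: keep lines not in the baseline
    grep -Fxv -f "$2" "$current" || :
    rm -f "$current"
}

# Constructed demo tree: one SUID file recorded in the baseline, one added later.
demo() {
    root=$(mktemp -d) || return 1
    : > "$root/reviewed";   chmod 4755 "$root/reviewed"
    : > "$root/plain";      chmod 0644 "$root/plain"
    list_special_files "$root" > "$root/baseline.txt"
    : > "$root/unexpected"; chmod 4755 "$root/unexpected"
    new_since_baseline "$root" "$root/baseline.txt"
    rm -rf "$root"
}

demo
```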

263. How to search for all files with extension “*.log” in the current working directory and find out total disk space consumed and skip such files under any sub-directories?

There are situations wherein an admin is required to find out the total disk space consumed by files such as “*.log” or “*.dat” etc., so one could use this command:
# find . -maxdepth 1 -name '*.log' | xargs ls -l | awk '{ TOTAL += $5} END { print TOTAL }'

# find . -maxdepth 1 -name '*.log' -type f -exec du -bc {} + | grep total | cut -f1

If there are smaller files then running the ‘find’ command or ‘du’ command would work; however, if there are bigger files then one may come across the error “argument is too long”, so one needs to use “xargs” to pass the output and avoid such errors.

# find . -maxdepth 1 -name '*.dat' | xargs ls -l | awk '{ TOTAL += $5} END { print TOTAL }'

264. I’ve installed the latest kernel on the system successfully, however, my server still boots from the old kernel. How do you make the system to boot from the newly installed kernel?

– Verify if the new kernel packages are installed successfully.
– Verify if the kernel stanza is added in grub.conf file.
– Make the new kernel as the default kernel to boot in grub.conf file. Either move the kernel stanza to be the first or change “default” entry according to the kernel stanza to boot.

265. Explain briefly the Grub in Linux Server?

A boot loader is a program that loads the operating system into memory during boot. Windows comes with its own boot loader, whereas Linux lets you select a boot loader as per your environment and requirement.

GNU GRUB or GRUB (Grand Unified Bootloader) is a boot loader package that supports multiple operating systems. It gives the option to select the operating system to load during boot. GNU GRUB is an advanced version of legacy GRUB.
– Unlimited number of boot entries supported
– Dynamically configurable; run-time changes can be made during boot
– Easy to install or execute from any device
– It can be helpful in loading the operating system from the network or decompressing during boot
– It also supports Windows and DOS
– Only CLI (Command Line Interface) is available
– Installation and configuration steps differ slightly depending on the OS distribution used

266. How to reinstall GRUB loader from rescue mode under GRUB loader corruption?

When there is a GRUB loader corruption:
1. The GRUB menu is not shown when booting the server.
2. Check the header of the boot disk:
# file -s /dev/sda
If the GRUB loader is corrupted, the key point is that the output is missing ‘code offset 0x48’, which is an indicator of GRUB Stage 1 code.

Reinstalling the GRUB loader:
– Boot the server into rescue mode, and mount the filesystem automatically.
– The / partition would be mounted under /mnt/sysimage automatically. If not, mount it manually.
– Mount the /boot partition.
– Re-install the GRUB loader.
– Reboot the server.

267. Explain nfs hard and soft mount?

Hard mount: after the server restarts, it keeps searching for the NFS mount partition until the device is found; if the device is not found, the server will not boot.
Soft mount: if the device is not found, it is skipped.

268. How do you disable the “NetworkManager” service on runlevel 5?

# chkconfig --level 5 NetworkManager off
# chkconfig --list NetworkManager
NetworkManager 0:off 1:off 2:on 3:on 4:on 5:off 6:off
In RHEL7.x, NetworkManager is the standard and default daemon for managing network.

269. Which is the parameter that you would add to grub.conf while configuring kdump?

crashkernel=128M (for 128MB crash memory) (crashkernel=0M-2G:128M,2G-6G:256M,6G-8G:512M,8G-:768M)

270. How to find out system hardware details such as “manufacturer, product name” etc.?

Using “dmidecode”
# dmidecode --type system |egrep -i "Manufacturer|Product Name|Serial Number|Family"
OR
# dmidecode --type system |grep "System Information" -A 8

– To find out BIOS details :
# dmidecode --type bios |grep "BIOS Information" -A 6

Valid type keywords are:
  bios
  system
  baseboard
  chassis
  processor
  memory
  cache
  connector
  slot

271. Which commands are normally recommended to edit "/etc/passwd", "/etc/shadow", "/etc/group" and "/etc/gshadow" files?

vipw → To edit the user password file (/etc/passwd)
vigr  → To edit the user group file(/etc/group)
vipw -s → To edit shadow password file (/etc/shadow)
vigr -s → To edit shadow group file (/etc/gshadow)

These commands would normally lock the respective file while editing to avoid corruption. It is not a recommended practice to edit shadow file manually. 

272. How to run ‘free’ command to print output of 2 instances with 2 seconds interval and store that output in a file (skipping any errors/warnings), and run this in background?

# free -s 2 -c 2 1> /tmp/free.out 2> /dev/null &
# cat /tmp/free.out

273.  How to find out when was the last time a service got restarted?

To find when the service last started you can use:
# systemctl show <service_name>
# systemctl status sshd | grep "Started"
# systemctl show sshd | grep ActiveEnterTimestamp
# journalctl --unit=sshd | grep Started

274. How to check service session details for sshd?

# journalctl | grep sshd

275. Which command is used to count the number of characters in a file? Explain the wc command.

# wc -m <file_name>

The wc (word count) command is used to find out the number of characters in a file. The wc command can also be used to find out the newline, byte and character counts in the files specified by the file arguments.

The syntax of the wc command is of the form,
wc [options] filename

The following are the options and usage provided by the command,
wc -l : prints the number of lines in a file.
wc -w : prints the number of words in a file.
wc -c : prints the number of bytes in a file.
wc -m : prints the number of characters in a file.
wc -L : prints only the length of the longest line in a file.
