Wednesday, January 21, 2015

LINUX Disk Storage Management & LVM Storage Management





                     Disk Storage  Management
                    ------------------------------------------

Physical disks are represented in Linux as /dev/sda (SCSI disks) and /dev/hda (IDE disks).

Suppose there are three SCSI disks connected to the server. They will appear on the server as:

1st  Disk --/dev/sda
2nd Disk --/dev/sdb
3rd Disk --/dev/sdc



A valid block device could be one of two types of entries:

    A mapped device — A logical volume in a volume group, for example, /dev/mapper/VolGroup00-LogVol02.

    A static device — A traditional storage volume, for example, /dev/hdbX, /dev/sdaX, where hdb and sda are storage device names and X is the partition number.

What is Partition?

The physical disk can be divided into one or more logical disks. These logical disks are known as partitions.


The idea is that if you have one hard disk, and want to have, say, two operating systems on it, you can divide the disk into two partitions. Each operating system uses its partition as it wishes and doesn't touch the other ones. This way the two operating systems can co-exist peacefully on the same hard disk. Without partitions one would have to buy a hard disk for each operating system.


*On an IDE drive you can have up to 63 partitions: 3 primary and 60 logical (contained in one extended partition).

*On a SCSI drive the maximum number of partitions is 15.

Ex. -- Suppose you want to create 4 partitions on a new disk, /dev/sdb, assigned to the server.

After partitioning, the newly created partitions will appear as
/dev/sdb1, /dev/sdb2, /dev/sdb3 and /dev/sdb4.



What is Extended Partition ?


An extended partition is the only kind of partition that can have multiple partitions inside. Think of it like a box that contains other boxes, the logical partitions.

The extended partition can't store anything; it's just a holder for logical partitions.
The extended partition is a way to get around the fact that you can only have four primary partitions on a drive. You can put lots of logical partitions inside it.
 
 What is Logical Partition?

Logical partitions are partitions that are created by dividing up the extended partition.


                       MBR(Master Boot Record)

The MBR is a small program that is executed when a computer begins to boot up (i.e., start up) in order to find the operating system and load parts of it into memory.

The first sector of the disk is the master boot record (MBR).


The master boot record contains a small program that:

1.  Reads the partition table, checks which partition is active (that is, marked bootable),
2. Reads  the first sector of that partition, the partition's boot sector (the MBR is also a boot sector, but it has a special status and therefore a special name). This boot sector contains another small program that reads the first part of the operating system stored on that partition (assuming it is bootable), and then starts it.


Understanding the Partitioning Concept


There are two ways of partitioning the disk :

 1. Standard Partitions using parted
 2. LVM Partition Management


 Standard Partitions using parted

The parted utility is used in Linux for partitioning large disks, greater than 2 TB in size.

By default, the parted package is included when installing Red Hat Enterprise Linux.

 Using the parted utility , we can perform below tasks.

    a)  View the existing partition table

    b)  Change the size of existing partitions

    c)  Add partitions from free space or additional hard drives 



                          Viewing the Partition Table






            Creating a Partition

 For creating the partition on new disk first we need to label the disk.

From the partition table, determine the start and end points of the new partition and what partition type it should be.







 Removing  a Partition


 Creation of swap Partition using parted

 Creating a LVM Partition using parted


 Creation of boot partition using parted






Saturday, January 17, 2015

REDHAT LINUX BASICS -STARTUP

                    LINUX -OPERATING SYSTEM.

Linus Torvalds released Linux in 1991 under the GPL.

What is kernel?

The kernel is called the heart of the operating system. The kernel is also the program acting as chief of operations.

There are many functionalities that are handled by the kernel. Below is a list of some critical functionalities:
 1. Starting & Stopping other programs.
 2. Handling Requests from memory
 3. Accessing disks
 4.Managing network connections etc..


Kernel are basically of two types :

1. Monolithic -- provides all the services that an application needs.
    Ex: Linux uses a monolithic kernel.

2. Micro Kernel -- consists of a small core set of services. It needs other modules to be loaded to perform other functions.
    Ex: Windows.



Linux distributions are classified into two groups:

1. Commercial -- This type of distribution tends to have a longer release cycle. Commercial vendors also generally offer support for their distribution at a certain cost. Ex: Red Hat, SUSE

2. Non-Commercial -- Companies use the non-commercial distributions basically for testing the software. Several non-commercial distributions are backed by support.
Ex: Debian, Fedora, Ubuntu



LINUX Licences:

GNU Public Licence (GPL) -- The GPL states that the released software is free. It is acceptable to take the software and resell it for your own profit, but when reselling, if any changes were made to the code, you need to release the full source code including the changes under the GPL, and the new source code will also be under the GPL. Ex: Red Hat

BSD & Apache -- These types of licences allow the user to modify the source code without disclosing the changes made to it.


------------------------------------------------------------------------------------------------

Basic Linux System Administration Tasks:

1. User Management
2. Logical Volume Management
3. Network Management
4.Device Management.
5.Package Management

 --------------------------------------------------------------------------------------

User Management In Linux

1.  Every file or program under Linux is owned by a user.
2.  Each user will be having a unique User ID(UID).
3.  Root user is known as super user which can do all the tasks in linux.
     By default the UID for root user is "0" .
4.  System users normally have UIDs from 0 to 499. Manually created users will have UIDs after that.

5.  All the user information in Linux is kept in text files.

Below are the files where the users' information is kept.

1. /etc/passwd -- this file stores the user name, encrypted password entry, UID, GID, GECOS, home directory and login shell information.

2. /etc/shadow -- this file stores the encrypted password information for user accounts.

Why was the /etc/shadow file required if this was possible through the /etc/passwd file alone?

Ans: The /etc/passwd file is readable by all users, which was a security threat since it was easy for hackers to crack the encrypted passwords. To handle this, Linux introduced the /etc/shadow file, which is readable only by the root user or other privileged programs that require access to that information.



How to create a user 

Users are created in Linux with the "useradd" command.
Whenever we run the useradd command, the ASCII text file "/etc/default/useradd" is read for its default values.

Content of /etc/default/useradd

# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

 *Above mentioned parameters are automatically taken once the useradd command is executed .

By default, a group will also be created for the new user .




Changing the default values(changing the /etc/default/useradd parameters)


When invoked with only the -D option, useradd will display the current default values

[root@abhi ~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes






--------------------------------------------------------------------------------------------------------
Below help page of linux will be helpful in using the useradd command:



Usage: useradd [options] USER-NAME

Options:
  -b, --base-dir BASE_DIR        base directory for the home directory of the new account
  -c, --comment COMMENT          GECOS field of the new account
  -d, --home-dir HOME_DIR        home directory of the new account
  -e, --expiredate EXPIRE_DATE   expiration date of the new account (the date is specified in the format YYYY-MM-DD)
  -f, --inactive INACTIVE        password inactivity period of the new account
  -g, --gid GROUP                name or ID of the primary group of the new account
  -G, --groups GROUPS            list of supplementary groups of the new account
  -m, --create-home              create the user's home directory
  -M, --no-create-home           do not create the user's home directory
  -p, --password PASSWORD        encrypted password of the new account
  -r, --system                   create a system account
  -s, --shell SHELL              login shell of the new account
  -u, --uid UID                  user ID of the new account
  -U, --user-group               create a group with the same name as the user

--------------------------------------------------------------------------------------------------
Example

1. #useradd test

This will create a user ID and its home directory. The home directory will by default be "/home/user-id".

 2. # useradd -d /home/test  -p test123  test

Here we are creating a user test with home directory "/home/test", and the password that will be stored in /etc/shadow will be "test123".

The "-p" parameter is not recommended unless you are supplying a password that has already been encrypted with crypt. As the output below shows, the value given to -p is written to /etc/shadow exactly as typed.

[root@abhi ~]# cat /etc/shadow |grep -i test
test:test123:16452:1:90:7:::
[root@abhi ~]#
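
The record above is what a misused -p leaves behind: a password field that is not a crypt hash. The following is an added example (not part of the original post) that classifies the password field of shadow-format records so such entries, and accounts with an empty password field, stand out. The function names and the last two sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the password field of shadow-format records.

# Print one of: empty | locked | hashed | legacy-des | invalid
classify_shadow_field() {
    f=$1
    case $f in
        '')         echo empty;  return ;;  # login needs no password
        '!'*|'*'*)  echo locked; return ;;  # password login disabled
        '$'?*'$'?*) echo hashed; return ;;  # modular crypt: $id$salt$hash
    esac
    # Traditional DES crypt is exactly 13 chars from [./0-9A-Za-z].
    if [ "${#f}" -eq 13 ]; then
        case $f in
            *[!./0-9A-Za-z]*) ;;
            *) echo legacy-des; return ;;
        esac
    fi
    echo invalid  # not a crypt hash, e.g. plain text given to useradd -p
}

# Read shadow-format lines on stdin, print "user status" per account.
audit_shadow() {
    while IFS=: read -r user pw _rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_shadow_field "$pw")"
    done
}

# The first two records are the ones shown on this page; the last two are
# constructed (the $6$ salt and hash are placeholders, not a real hash).
sample_shadow() {
    cat <<'EOF'
test:test123:16452:1:90:7:::
test2:!!:16452:1:90:7:5:16787:
alice:$6$ConstructedSalt$ConstructedHashPlaceholder:16452:0:90:7:::
guest::16452:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

On a real system the same check is run as root with `audit_shadow < /etc/shadow`; any account reported as invalid or empty should have its password reset with passwd.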


3. Creating a system user account with UID 510 and primary group ID 500. A system user account will not have a home directory, but the user will have no ageing (meaning it never expires) by default.
[root@abhi ~]# useradd -u 510 -g 500 -r test

**** This is helpful when a customer requests a user account for collecting some details, one that can't create any files or directories except in /tmp.


4. If you want to create a system user with a home directory, you need to use the -m option.
#useradd -r -m test

5. Creating a user ID whose GECOS is "test user". The user account expires on 2015-12-18 and will become inactive 5 days after the user ID expires.

[root@abhi ~]# useradd -c "test user" -e 2015-12-18  -f 5 test2

[root@abhi ~]# cat /etc/passwd |grep -i test2
test2:x:501:501:test user:/home/test2:/bin/bash






Content of /etc/shadow file after this:

[root@abhi ~]# cat /etc/shadow|grep test2
test2:!!:16452:1:90:7:5:16787:

Note:   -f 0 means that the user account will become inactive as soon as the user ID expires.

            -f -1 means that the user account inactive parameter will be disabled for this user.
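
The numbers in the /etc/shadow record above are day counts, which makes them hard to audit by eye. The following is an added example (not part of the original post) that decodes the aging fields of a shadow-format record into calendar dates; per shadow(5), field 7 (the -f value) is counted from the password expiry date and field 8 is the account expiry date. The function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: decode the aging fields of a shadow-format record.

# Days since 1970-01-01 (shadow fields 3 and 8) -> YYYY-MM-DD.
# Integer-only civil-calendar conversion; valid for days >= 0.
days_to_date() {
    z=$(( $1 + 719468 ))
    era=$(( z / 146097 ))
    doe=$(( z - era * 146097 ))
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
    mp=$(( (5 * doy + 2) / 153 ))
    d=$(( doy - (153 * mp + 2) / 5 + 1 ))
    if [ "$mp" -lt 10 ]; then m=$(( mp + 3 )); else m=$(( mp - 9 )); fi
    y=$(( yoe + era * 400 ))
    if [ "$m" -le 2 ]; then y=$(( y + 1 )); fi
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# Record layout: name:password:lastchg:min:max:warn:inactive:expire:reserved
decode_aging() {
    IFS=: read -r user _pw last _min max _warn inact expire _rsv <<EOF
$1
EOF
    last_chg=never; pw_exp=never; pw_inact=never; acct_exp=never
    if [ -n "$last" ]; then last_chg=$(days_to_date "$last"); fi
    if [ -n "$last" ] && [ -n "$max" ]; then
        pw_exp=$(days_to_date $(( last + max )))
        # Field 7 (useradd/usermod -f) counts from password expiry.
        if [ -n "$inact" ]; then
            pw_inact=$(days_to_date $(( last + max + inact )))
        fi
    fi
    if [ -n "$expire" ]; then acct_exp=$(days_to_date "$expire"); fi
    echo "user=$user"
    echo "last_change=$last_chg"
    echo "password_expires=$pw_exp"
    echo "password_inactive=$pw_inact"
    echo "account_expires=$acct_exp"
}

# The test2 record shown on this page.
decode_aging 'test2:!!:16452:1:90:7:5:16787:'
```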



Changing the base-dir (HOME) parameter in the /etc/default/useradd file
[root@abhi ~]# useradd -D -b /home/test
[root@abhi ~]# useradd -D
GROUP=100
HOME=/home/test
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[root@abhi~]#





----------------------------------------------------------------------------------------------------------------------
                    How to remove a user .

We are using the command "userdel" to remove the user.




# userdel test        ----- removes the user from the system (including the entries in /etc/passwd and /etc/shadow). It will not remove the user's home directory.
# userdel -r test     ----- removes the user definition and also the home directory of the user.
# userdel -f -r test  ----- removes the user definition, home directory and other definitions of the user forcefully, even if the user is still logged in.

               Changing the attributes of user

We can change the attributes of users using the "usermod" command.

Below are the options available for usermod command

Usage: usermod [options] LOGIN

Options:
  -c, --comment COMMENT          new value of the GECOS field
  -d, --home HOME_DIR            new home directory for the user account
  -e, --expiredate EXPIRE_DATE   set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE        set password inactive after expiration to INACTIVE
  -g, --gid GROUP                force use GROUP as new primary group
  -G, --groups GROUPS            new list of supplementary GROUPS
  -l, --login NEW_LOGIN          new value of the login name
  -L, --lock                     lock the user account
  -m, --move-home                move contents of the home directory to the
                                 new location (use only with -d)
  -s, --shell SHELL              new login shell for the user account
  -u, --uid UID                  new UID for the user account
  -U, --unlock                   unlock the user account



# usermod -L test  --- locks the user account
# usermod -U test  --- unlocks the user account
# usermod -u 505 test  --- changing the UID for the user
# usermod -g admin test  --- changing the primary group of user test to admin
# usermod -G users,admin,system test  --- adding the user "test" to the users, admin and system groups
# usermod -e 2015-12-18 -f 5 test2  --- modifying the account expiry date for the user test2 to 18th Dec 2015 and the password to be set as inactive after 5 days of expiry
# usermod -a -G aks test  --- appending the user to the group aks
# usermod -m -d /etc/test test  --- moving the home directory and its contents to the new location /etc/test for user test
---------------------------------------------------------------------------------------------------------------------


                            How to create a group

We can create a group using the command "groupadd". Group details are stored in the files /etc/group and /etc/gshadow.

#groupadd aks   ---creates a group named "aks"
#groupadd -g 508 abhi ---creates a group abhi with GID 508

                        How to delete a group

We can delete a group using the "groupdel" command.

#groupdel aks

                       Modifying group attributes

Group attributes are modified using the command "groupmod".

#groupmod -g 510 abhi -- changing the GID for group abhi
#groupmod -n test abhi ---changing the group name from "abhi" to "test"

------------------------------------------------------------------------------------------------------------------------------------



 Some tips on applying security hardening for users

1. Setting the password policies for a particular user



Listing the current password policies applied to user "test"
#chage -l test

Last password change                                                           : Jan 17, 2015
Password expires                                                                   : Apr 17, 2015
Password inactive                                                                  : never
Account expires                                                                     : never
Minimum number of days between password change        : 0
Maximum number of days between password change        : 90
Number of days of warning before password expires         : 7


Setting the Maximum parameter to 90: the user will be prompted to change the password after 90 days.

# chage -M 90 test

# chage -W 8 test  -- start warning the user 8 days before the password expires